LAN - LAN source NAT

How can I forward traffic from LAN 1 to LAN 2 with NAT?

I want all traffic (many networks) forwarded from interface 1 (LAN 1) to interface 4 (LAN 2) to be translated from the source network address to the interface IP (interface 4) and passed to the internal network (LAN 2) with the translated IP.

I have already configured FW rules between the 2 LANs, source any and destination any.

I just want to translate all traffic to the interface IP (one IP).

Thank you



  • Hala Nedal,

    Please Edit that post to delete that link and insert your image into the post. We can't know if that external site is properly protected. The only malware I've gotten in almost 15 years was from a link in this Community to an external picture in 2014.  Thanks in advance!

    Have you tried an SNAT?

    Cheers - Bob

  • Hello BAlfson,

    Sorry about the link, I removed it and uploaded the image into the post.

    About my case:

    Look,

    I want to translate all networks that come from the router (10.200.220.0, 10.45.200.0, 10.35.220.0, ...) to the Sophos interface IP 172.20.0.1; that interface is connected to an L3 switch, and the traffic is then forwarded to the server 10.100.25.5.

    I configured a policy from LAN 1 to LAN 2 and vice versa with source and destination any/any,

    and I added a new NAT rule port1 to port4, original source any, original destination any,

    SNAT MASQ. Then I tried to ping from 10.200.220.10 to 10.100.2.5 but got request timed out.

    How can I make a source NAT in Sophos?

    Thanks a lot

  • Thanks for inserting the diagram!

    If the Router in LAN 1 forwards all the traffic from behind it to port 1 on the Sophos Firewall with a source IP of 172.30.1.165, then you only need an SNAT that changes the source in packets from 172.30.1.165 to 172.20.0.1.

    Cheers - Bob
    PS If your question is about XG instead of UTM on an SG, one of us will move this thread to that community.

  • There is no NAT between the router and the Sophos XG 430. Traffic is forwarded to Sophos with the original IP.

    I want to translate all networks to 172.20.0.1 when forwarded from Sophos to the L3 switch,

    and the 2 LANs reach each other (10.100.25.5 and all networks).

    Thank you

  • Since this is a question about XG, I'll move this thread over there.

    Is all of the traffic from LAN 1 going through the XG going only to LAN IPs or does that also include traffic outbound to the internet?

    Cheers - Bob

  • Yes, all traffic is going only to LAN,

    to server 10.100.25.5 (zone LAN), not the DMZ zone.

    No internet or public IP in my case.

    Thanks

  • Any suggestions to solve my case?

  • Hello,
    1. SG or XG?
    2. What exactly is the problem? ...you didn't reach a network?
    Because the L3 switch and router do routing ... did you configure these devices as gateways to the networks behind them?
    It would be good to see your rules.

  • Hello,

    XG 430

    Simply, I want to translate all network traffic coming from the router to the Sophos interface IP 172.20.1,

    then forward it to the L3 switch and then to the server 10.100.25.5.

    Source networks: 10.200.220.0, 10.35.220.0, 10.45.220.0 ...

    Destination: 10.100.25.5

    Translated source network: 172.20.0.1 while the source networks access the destination server.

    Thanks

  • NAT looks good so far.
    You need a firewall rule allowing this traffic.
    (Try Any to 10.100.25.5 first.)

    PS: Your interface IP isn't 172.20.0.1/32 (like in your picture) but 172.20.0.1/24 ...!?

    Enable logging within the firewall rules and check the Log Viewer. Set the free-text search filter to 10.100.25.5.

    Please show us your "source network 10.200.220.0, 10.35.220.0, 10.45.220.0" definitions ... or try "any" for a short time instead.

    Do the L3 switch and router use the firewall as default gateway?
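The following is an added example, not Sophos code and not from anyone in this thread. It models the setup described here (SNAT MASQ from port1 to port4 onto 172.20.0.1, towards server 10.100.25.5) so that two points of the last reply are visible in running code: the NAT rule translates nothing unless a firewall rule allows the traffic first, and once the source is rewritten to the port4 address the L3 switch only needs its connected routes to deliver the server's replies. The /24 masks on the LAN 1 networks, the NAT port range, the L3 switch's route table and the hosts used as input are all constructed assumptions.

```python
"""Toy model of firewall-rule-then-SNAT forwarding as discussed in the thread.

Not Sophos code: it imitates the behaviour so the interplay of the firewall
rule, the SNAT rule and the return path can be inspected offline.
"""
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Addresses from the thread. The /24 masks are an assumption (only network addresses were posted).
PORT4_IP = "172.20.0.1"          # Sophos port4, facing the L3 switch
SERVER_IP = "10.100.25.5"        # server behind the L3 switch
LAN1_NETS = [ipaddress.ip_network(n) for n in
             ("10.200.220.0/24", "10.35.220.0/24", "10.45.220.0/24")]

# Assumed L3 switch routing table: only its directly connected subnets, no route back to LAN 1.
L3_SWITCH_ROUTES = [ipaddress.ip_network(n) for n in ("172.20.0.0/24", "10.100.25.0/24")]


def l3_switch_has_route(ip: str) -> bool:
    """True if the (assumed) L3 switch can deliver a packet to this destination."""
    return any(ipaddress.ip_address(ip) in n for n in L3_SWITCH_ROUTES)


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet is seen on (ingress for input, egress for the returned copy)
    src: str
    sport: int        # L4 source port, or ICMP echo identifier when proto == "icmp"
    dst: str
    dport: int
    proto: str = "tcp"


class SnatForwarder:
    """Firewall rule check first, then SNAT on the way out of port4, with a small
    connection table so replies addressed to 172.20.0.1 are mapped back."""

    def __init__(self, firewall_rule_enabled: bool = True):
        self.firewall_rule_enabled = firewall_rule_enabled
        self.conntrack = {}          # (proto, nat_port) -> (original src, original sport)
        self.log = []                # roughly what the Log Viewer would show
        self._next_nat_port = 40000  # assumed starting point of the masquerade port pool

    def firewall_allows(self, pkt: Packet) -> bool:
        """The 'Any to 10.100.25.5' rule suggested in the thread, restricted to LAN 1 on port1."""
        if not self.firewall_rule_enabled:
            return False
        src_in_lan1 = any(ipaddress.ip_address(pkt.src) in n for n in LAN1_NETS)
        return pkt.iface == "port1" and src_in_lan1 and pkt.dst == SERVER_IP

    def _snat(self, pkt: Packet) -> Packet:
        """NAT rule: inbound port1, outbound port4, original source/destination any, SNAT MASQ."""
        nat_port = self._next_nat_port
        self._next_nat_port += 1
        self.conntrack[(pkt.proto, nat_port)] = (pkt.src, pkt.sport)
        return replace(pkt, iface="port4", src=PORT4_IP, sport=nat_port)

    def forward(self, pkt: Packet) -> Optional[Packet]:
        """Packet from LAN 1 entering port1; returns it as it leaves port4, or None if dropped."""
        if not self.firewall_allows(pkt):
            self.log.append(f"DENY  {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
                            "(no matching firewall rule, NAT never applied)")
            return None
        out = self._snat(pkt)
        self.log.append(f"ALLOW {pkt.proto} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
                        f"SNAT {out.src}:{out.sport}")
        return out

    def reply(self, pkt: Packet) -> Optional[Packet]:
        """Reply from the server arriving on port4 addressed to 172.20.0.1; restore the original host."""
        orig = self.conntrack.get((pkt.proto, pkt.dport))
        if pkt.dst != PORT4_IP or orig is None:
            self.log.append(f"DENY  reply {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} (no NAT state)")
            return None
        orig_src, orig_sport = orig
        return replace(pkt, iface="port1", dst=orig_src, dport=orig_sport)


def ping_round_trip(firewall_rule_enabled: bool = True):
    """Echo request from a constructed LAN 1 host to the server and the server's reply."""
    fw = SnatForwarder(firewall_rule_enabled)
    echo = Packet("port1", "10.200.220.10", 1234, SERVER_IP, 0, "icmp")   # 1234 = echo identifier
    out = fw.forward(echo)
    if out is None:
        return None, None, fw.log
    # The server only ever sees 172.20.0.1, so it replies to that address and NAT'd identifier.
    back = fw.reply(Packet("port4", SERVER_IP, 0, out.src, out.sport, "icmp"))
    return out, back, fw.log


if __name__ == "__main__":
    for enabled in (True, False):
        out, back, log = ping_round_trip(enabled)
        print(f"firewall rule enabled={enabled}: out={out} back={back}")
        print("\n".join(log))
```

The two runs of `ping_round_trip` reproduce the symptom from the thread: with the NAT rule in place but no permitting firewall rule, the echo request is logged as denied and no translation happens, which is exactly the "request timed out" seen from 10.200.220.10. With the rule enabled, the reply is addressed to 172.20.0.1, a destination the L3 switch reaches over its connected subnet, so no return route for the LAN 1 networks is needed on the switch.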