What is Reflective rule in XGS?

Hi,

On XGS-136, when I use the NAT rule wizard, it creates all the needed rules plus one not-needed Reflective rule. I don't really understand what a Reflective rule is and why it is needed. I usually only create DNAT rules, from outside into LAN or DMZ, and local servers already have MASQ and have access to internet resources by default. So why would I need an additional Reflective rule? It's only my 2nd XGS, so I am not (yet) deep into it. Can somebody explain it to me?



  • Hi: The reflexive rules are only needed if your requirement is that the published server wants to initiate connections to the outside Internet IP, i.e. return traffic from a server published by a DNAT rule is automatically NATed as part of the stateful inspection. (In case any matching SNAT rule is not found in the NAT rule section and Default SNAT is also disabled for outbound traffic.)
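
A simplified model of the behaviour described in the reply above, added here as an illustration; it is not part of the original thread and not Sophos code. It shows that replies on a DNAT-created connection are translated by the state table, while a connection the server opens itself is translated only by an SNAT rule (reflexive or other) or by default SNAT. All addresses, class names and method names are constructed for the example.

```python
# Toy model of DNAT, stateful return traffic and a reflexive SNAT rule.
# Addresses and rule fields are constructed; this is not firewall vendor code.
from dataclasses import dataclass, field

WAN_IP = "203.0.113.10"     # constructed primary WAN address (used by default SNAT)
PUBLIC_IP = "203.0.113.20"  # constructed alias address the server is published on
SERVER = "192.168.10.5"     # constructed internal server
CLIENT = "198.51.100.7"     # constructed Internet client


@dataclass
class Firewall:
    dnat: dict                                      # (public_ip, port) -> internal_ip
    snat: dict = field(default_factory=dict)        # internal_ip -> translated source
    default_snat: bool = False                      # masquerade behind WAN_IP
    conntrack: dict = field(default_factory=dict)   # tracked inbound connections

    def add_reflexive(self):
        """Mirror each DNAT rule as SNAT: server leaves as the published IP."""
        for (public_ip, _port), internal_ip in self.dnat.items():
            self.snat.setdefault(internal_ip, public_ip)

    def inbound(self, src, dst, dport):
        """New connection from outside: apply DNAT and record the state."""
        internal = self.dnat.get((dst, dport))
        if internal is None:
            return None                             # no DNAT rule matched
        self.conntrack[(src, internal, dport)] = dst
        return internal

    def reply_source(self, server, client, sport):
        """Reply on a tracked connection: the state entry restores the public IP."""
        return self.conntrack.get((client, server, sport))

    def outbound_source(self, server):
        """New connection opened by the server: only SNAT rules can translate it."""
        if server in self.snat:
            return self.snat[server]
        return WAN_IP if self.default_snat else server  # else untranslated


if __name__ == "__main__":
    fw = Firewall(dnat={(PUBLIC_IP, 443): SERVER})
    fw.inbound(CLIENT, PUBLIC_IP, 443)
    print("reply leaves as:", fw.reply_source(SERVER, CLIENT, 443))
    print("server-initiated, no SNAT:", fw.outbound_source(SERVER))
    fw.add_reflexive()
    print("server-initiated, reflexive:", fw.outbound_source(SERVER))
```
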
