ACL Violation when attempting WAN to LAN NAT v19.5.0

Question

Hello I have searched and can see others have this issue, however none of the solutions have worked for me so far. I have followed the steps at https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RulesAndPolicies/NATRules/RulesPoliciesCreateDNATAndFirewallRulesForInternalServers/index.html#specify-the-nat-rule-settings to create the following policies, with the intention of allowing WAN -> LAN traffic the specified ports: 
 NAT Rule: 
 Sophos Public Address is an IP 192.168.0.90 
 Valheim Server is an IP 172.16.50.110 
 
 Firewall Rule:

The service 'Valheim' is defined as: 
 
 The packet captures I have been getting are as follows:

(apologies for drop-packet as an image and not plain text) 
 
 Any help would be greatly appreciated

sanket.shah · Accepted Answer

Hello Hugh, 
 It's not bug but intended behavior. 
 Once your traffic will match any NAT rule, it won't traverse below. 
 Same applies to Firewall rule as well.

LuCar Toni · Answer

Firewall Rule has to be Sophos_Public IP and your Server as Zone in Destination Section. 
 And the NAT Rule is not applied. The Service is off: You need to change the Source Port to 1:65500 to include the high ports.

Destination Zone	Destination Address
DMZ	Sophos Public Address
Game_Server_Zone	Sophos Public Address
Game_Server_DMZ	Sophos Public Address
ANY	Sophos Public Address

ACL Violation when attempting WAN to LAN NAT v19.5.0

Top Replies