NAT Rule - mask IP from another subnet

Hi,

I ("Rule-Noob") need help with the definition of a NAT rule. We want to communicate with a power storage unit via Modbus TCP (E3DC storage). On the internal network it all works fine; however, the storage drops any communication from another subnet. Other forums also discuss whether this is a security feature or a bug (?).

Anyway. The goal is to be able to communicate with the device from another subnet. However, I fail to set the rule accordingly.

We have a Sophos XG310.
(Modbus) Client (connected via VPN): 192.168.121.1 => E3DC Storage: 192.168.180.50  via Modbus port 502

If I understood correctly, I have to "rewrite" the source address (192.168.121.1) to the 180 network?

Grateful for any assistance.



  • Hi,

    no, a simple lan rule at the top of your rule list should do.

    Source LAN, network 192.168.121.0/24, Destination LAN, network 192.168.180.50/24 (or 192.168.180.50/32), service 502 (or any), allow, log.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hello there,

    Thank you for contacting the Sophos Community.

    So some devices do not reply to packets that do not come from their same subnet; this is a security feature, which is why it is recommended to turn off any local firewalls in the devices when troubleshooting.

    You can take a look at this Recommended Read on how to masquerade traffic so that the device receiving the communication sees it as coming from its local subnet.

    Also make sure you have the correct VPN to LAN Firewall rule in the Sophos Firewall.

    Regards,


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Works, thank you. The link has helped me a lot.

    But this is why I always thought that my changes had no effect, or that I did not understand something:
    why does the "Usage counter" always remain at 0, even after several updates?



  • Usually means the rule is not being used, do you have logging enabled on the firewall rule?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
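The following is an added example, not code from the thread or from Sophos: a small Python model of a first-match rule table that ties together the LAN rule Ian describes, the source masquerade Emmanuel links to, and why a rule's usage counter stays at 0 when no packet ever matches it. The client and storage addresses are the ones from the thread; the firewall's own address on the 180 subnet (192.168.180.1), the storage's "only answer my own subnet" behaviour, and the rule-table semantics are assumptions of this model, not a description of how XG implements them.

```python
"""Toy model of a first-match firewall rule table with source masquerade.

Added example, not from the Sophos Community thread or from Sophos.
Addresses 192.168.121.1 (VPN client) and 192.168.180.50 (E3DC storage)
come from the thread; the firewall's 180-subnet address 192.168.180.1 and
the matching/counter semantics are assumptions of this model.
"""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Packet:
    src: str
    dst: str
    dport: int
    proto: str = "tcp"


@dataclass
class Rule:
    name: str
    src_net: str
    dst_net: str
    dport: Optional[int]                  # None means "any" service
    action: str                           # "allow" or "drop"
    masquerade_to: Optional[str] = None   # rewrite source to this address on match
    log: bool = True
    hits: int = 0                         # the "usage counter" from the thread

    def matches(self, pkt: Packet) -> bool:
        # strict=False accepts Ian's "192.168.180.50/24" notation as well as /32
        return (
            ip_address(pkt.src) in ip_network(self.src_net, strict=False)
            and ip_address(pkt.dst) in ip_network(self.dst_net, strict=False)
            and (self.dport is None or self.dport == pkt.dport)
        )


@dataclass
class Firewall:
    rules: List[Rule]
    log_lines: List[str] = field(default_factory=list)

    def process(self, pkt: Packet) -> Optional[Packet]:
        """First matching rule wins (top-of-list placement, as Ian advises).
        Returns the possibly rewritten packet, or None when it is dropped."""
        for rule in self.rules:
            if not rule.matches(pkt):
                continue
            rule.hits += 1            # counter only moves when a packet matches
            if rule.log:
                self.log_lines.append(
                    f"{rule.name}: {rule.action} {pkt.src}->{pkt.dst}:{pkt.dport}")
            if rule.action != "allow":
                return None
            if rule.masquerade_to:
                return Packet(rule.masquerade_to, pkt.dst, pkt.dport, pkt.proto)
            return pkt
        return None  # implicit default deny; no rule counter is touched


def e3dc_accepts(pkt: Packet, device_ip: str = "192.168.180.50",
                 device_net: str = "192.168.180.0/24") -> bool:
    """Assumed model of the storage's behaviour from the thread: it only
    answers peers inside its own subnet."""
    return pkt.dst == device_ip and ip_address(pkt.src) in ip_network(device_net)


def modbus_from_vpn(masquerade: bool) -> Tuple[bool, int]:
    """Send one Modbus/TCP connection attempt from the VPN client to the
    storage through the rule Ian describes, with or without masquerade.
    Returns (device_accepted, rule_hits)."""
    rule = Rule(
        name="VPN_to_E3DC",
        src_net="192.168.121.0/24",
        dst_net="192.168.180.50/32",
        dport=502,
        action="allow",
        masquerade_to="192.168.180.1" if masquerade else None,  # assumed firewall LAN IP
    )
    fw = Firewall([rule])
    out = fw.process(Packet("192.168.121.1", "192.168.180.50", 502))
    accepted = out is not None and e3dc_accepts(out)
    return accepted, rule.hits


def mistyped_rule_hits() -> int:
    """A rule whose destination network does not cover the storage never
    matches, so its usage counter stays at 0 however often it is edited."""
    rule = Rule("wrong_dst", "192.168.121.0/24", "192.168.181.0/24", 502, "allow")
    fw = Firewall([rule])
    for _ in range(5):
        fw.process(Packet("192.168.121.1", "192.168.180.50", 502))
    return rule.hits


if __name__ == "__main__":
    print("plain allow rule:", modbus_from_vpn(False))   # rule hit, device still refuses
    print("allow + masquerade:", modbus_from_vpn(True))  # rule hit, device accepts
    print("mistyped rule hits:", mistyped_rule_hits())   # 0, as in the thread
```

Without masquerade the allow rule is hit (its counter moves to 1) but the storage still refuses the 121-sourced packet, which is the situation the original post describes; with masquerade the same rule rewrites the source to the firewall's 180-subnet address and the storage accepts it. The mistyped rule shows the other half of the thread: a counter that stays at 0 means no packet is matching that rule, so it is the rule's match criteria (or ordering), not the edits, that need checking, and enabling logging on the rule is the quick way to confirm which rule is actually catching the traffic.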