Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 2 answers
  • Subscribers 28 subscribers
  • Views 251 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[Newbie] How is PAT many-to-many working?

Manfred Hofer

Hi all,

sorry for the newbie question. I'm using UTM since decades and now with UTM EOL in 2026, I gave it a shot and tried to migrate to SFOS.

Unfortunately it's not as intuative as UTM but I try to move everything over. One problem I encountered are many-to-many PAT configuration.

When having a service with e.g. TCP and UDP ports 11443 and I want to translate it to another service with TCP and UDP ports 22443 I get the message "Original and translated services don't match." From the documation (docs.sophos.com/.../index.html I only find this "For many-to-many translation, the ports for the original and translated services must be equal in number."

My question is how this now works? What does equal in number mean? Does it mean if the service has 2 ports the other service needs also to ports?

Thanks for your help.

Cheers,

Fred



This thread was automatically locked due to age.
Parents
  • 0

    Likely it is based on the fact, you are having a service with TCP and UDP. Is your service really TCP and UDP at the same time? If not, remove the not using part. Then it should work fine. 

    __________________________________________________________________________________________________________________

Reply
  • 0

    Likely it is based on the fact, you are having a service with TCP and UDP. Is your service really TCP and UDP at the same time? If not, remove the not using part. Then it should work fine. 

    __________________________________________________________________________________________________________________

Children
  • 0 in reply to LuCar Toni

    Unfortunately it's using TCP/UDP. If it's at the same time I'm not sure. In UTM I had the possibility to create either TCP, UDP or TCP/UDP. If I can't use it that way I would need to built 2 NAT rules right? Also not a great solution. Wonder then why you can create Service that way if you can't really use it in a specific configuration.

  • 0 in reply to Manfred Hofer

    I don't think It's currently possible to do this with a single NAT Rule.

    Manfred Hofer said:
    If I can't use it that way I would need to built 2 NAT rules right?

    Yes, you will have to create two separates' NAT Rules, one for TCP and another for UDP.

    If a post solves your question use the 'Verify Answer' button.

    XG 115w Rev.3 8GB RAM v19.5 MR1 @ Home.

Unfiltered HTML