I come from a Cisco world and am used to being able to create a NAT / forward rule, then apply firewall rules to it. I've been trying to figure out how to do the same type of thing with a Sophos XG.
As an example:
Say I have an external IP and want to forward traffic to it to a system on my DMZ. I create a Sophos Business Rule.
Source Host: Any
Source Zone: WAN
Hosted Address: EXTERNAL IP to use
Protected Zone: DMZ
Protected Application Server: INTERNAL DMZ IP/HOST
Forward all Ports: ON
Rewrite Source address: ON
Use Outbound Address: #NAT to INTERNAL HOST
Reflexive Rule: ON
This does what I think it should do. Traffic destined to the EXTERNAL address is NAT'd to the INTERNAL address. Traffic flowing from the INTERNAL address also presents itself to external hosts as the EXTERNAL address. Just as I think it should. What doesn't happen is any access control/port control.
Can I create a Network Rule to police traffic for this?
Something like Source WAN/Any, Destination WAN / External IP, then allow the ports I want?
The system seems to match a rule, then quit. I can create a Network OR a Business rule but not both. Seems kind of gross to have to set up multiple Business rules and not be able to use defined objects.
What takes precedence, Network or Business Rule? They look like they are treated the same... but different.
Thanks,
Brian