
NAT rule/port forwarding for non-TCP/UDP ports.

Hi Guys,

Does anyone know how I go about adding a NAT rule/port forwarding to allow GRE (protocol 47) to forward to a Microsoft RRAS (Routing and Remote Access/VPN) server?

I know we can do a user rule, which is ONLY a firewall rule to accept the traffic but NOT forward.

If we do a non-HTTP business rule, which is (External -> Internal), it only allows TCP and UDP ports to be forwarded.


If anyone can please shed some light on this, or if they have come across this issue and implemented a workaround and wouldn't mind sharing it, that would be greatly appreciated.



This thread was automatically locked due to age.
  • Hi,

    I just checked my XG, and under services you can select GRE in a network policy. Is this what you are looking for?

  • Hi,

    Thanks for the reply. The GRE service is there, sure enough. But when you want to port forward (create a business rule, as it says in XG), it doesn't give you an option to choose the services/ports to forward. You can only choose TCP/UDP ports to forward.

    When you create a user rule, it only accepts the traffic, NOT forward; also, that's a firewall rule (LAN->WAN).

    A business application rule is what's required, with GRE47 protocol forwarding to the internal VPN server (WAN->LAN).

    Just to put it out there, XG version is SFOS 15.01.0 MR-2

  • I think you are confusing yourself. What you are trying to do is a network function, not a business function. The business might be to allow users via a GRE tunnel, but to achieve this you need a network rule because there are no business functions in a GRE tunnel. Business functions are application based etc., not protocol based.
