Port forwarding only works for one server????

It's me again with another annoying gripe with XG that I will probably solve 2 minutes after posting this, but such is life.

I am forwarding some ports. My web/email server works just fine, so I used the exact same type of rule but for port 8080 for my CCTV DVR. Unfortunately, this results in a page that just gets stuck loading and eventually gives a failed to connect error in Firefox.

The rules are identical to ones used by my web/email server except the ports are 8080 instead of 80 and the application server is pointing to the DVR instead of the web/email server.

If I make the rule with the absolutely useless web protection policy instead of the non-http mode, which is what I have used for everything else (mainly because the web protection policies require you to put a domain, but they do not support wildcard domains, which are essential in my network), it will work with this, but not with the non-http policy, which is what I want (unless the Sophos guys realize that wildcard domains are actually a feature many web servers use).

So my question is:

Why, when I use the same sort of rule as my web server, which is working great, but for a different server on a different port, does it refuse to work, but if I use the pointless http policy it works great, but only on one domain due to lack of wildcard domain support or a bypass feature to let any domain work?

Sophos XG has so far been great. I had a few teething issues, but so far this is the most confusing, as the setup is absolutely identical to my web server in every single way, yet it won't work properly.



This thread was automatically locked due to age.
  • Thought I would add some more information.

    Sophos can ping the DVR, so they can definitely communicate (otherwise the http based policy wouldn't have worked anyway).

    I tried modifying my port 80 rule so it points to my DVR instead of the web server, and that did not work either, so I don't think it's an issue with the policy. I have a policy for the CCTV to communicate with the LAN just like with the servers; both of these are IP hosts with the IP range for each respective range, and then I have separate IP hosts with just the single IP for the DVR and web server.

    That is probably quite a bit to get your head around, so let me sum it up: they are both configured identically but one works and one doesn't; even if I switch them around, the web server is the only one that works.

    My DVR listens on both port 80 and port 8080 (two ports but both go to the same web interface), and neither port 80 nor port 8080 will forward. My old Netgear router handled this fine, and after having great luck in setting up my other port forward rules I was hoping this would be as successful, but I have come to the conclusion that Sophos + a Dedicated Micros DVR = flames and fire, or should I say no way of getting it through the firewall.

    I can only assume this is a bug, as there is literally nothing I can change; the rules are all identical to my web server, which works great. As I said earlier, even switching it so the working policy on port 80 uses the DVR instead of the web server yields a timeout in a web browser.

    Love Sophos XG so far, but I absolutely hate the odd quirks that have no explanation like this.

  • Definitely a bug, the order you add the IP hosts DOES MATTER. You need to add your single IPs, then the range last, or at least that's how it seems. I did that for my servers and did the opposite with the CCTV, as I had not changed the IPs to my new range, so I just made the range before the DVR as I did not know what IP I was going to use.

    I deleted both the host and IP range, then remade them starting with the host, and remade the policy to forward port 8080 and to allow certain LAN users to access, and it started working as expected.

    Though it is definitely a bug, either the order does matter or for some reason deleting/re-adding fixed whatever was wrong.
