How to configure NAT with specified WAN IP?

Hello,

I am confused about the NAT settings on Sophos XG.

The firewall WAN IP is 220.18.18.132. I created a policy rule as below.

Source
Host: Any
Hosted Server
Source Zone: WAN
Hosted Address: 220.18.18.158
Protected Zone: LAN
Protected Application Server: Server1 (10.0.0.111)
Forward all ports: Off
Protocol: TCP
External Port: 80, 25
Managed Port: 80, 25
Rewrite source address (Masquerading): On
Use Outbound Address: 220.18.18.158

I could access ports 80 and 25 from the WAN on 220.18.18.158.

However, the source IP was 220.18.18.132 (Sophos firewall WAN IP) when I accessed hosts in the WAN from Server1 (10.0.0.111).

How can I make it use 220.18.18.158 as the source IP for accessing the WAN network? Thank you!



  • Dear sachingurung,

    Thank you for the information.

    However, I am NOT going to add an additional IP for the firewall interface.

    I want the inside host to have access from/to the Internet with the specified WAN IP.

    For example, Internet users would access ports 25 and 80 of the server with WAN IP 220.18.18.158. That server should connect to any service on an Internet host with WAN IP 220.18.18.158 as well.

    Should I configure it as below?

    Inbound (WAN -> LAN) - business application rule with port forwarding (ports 80, 25) and rewrite source address with MASQ.

    Outbound (LAN -> WAN) - network/user rule with rewrite source address 220.18.18.158.

  • You already have Rewrite source address (Masquerading) set to 220.x.x.158; alongside that, turn ON the reflexive rule in the configured business policy.

    Thanks