Forgive me, still a newbie with the Sophos XGs. I am accustomed to Fortinet, SonicWall, and WatchGuard appliances, so this question may be a real noob one.
I have a Sophos XG85 I set up, using a TDS connection for the WAN. I am migrating this site to a faster Time Warner connection. I have the second port set as a WAN port, but I can't figure out for the life of me how to actually get it selected in the new rules I'm making.
Usually I'll create a second set of rules for simpler places like this, for the rules I'm going to create for the other WAN (i.e. HTTPS_IN_WAN2, SMTP_OUT_WAN1). That way I can test things out, and once things are functioning, I can cut over the DNS records and let traffic start working on the new one.
But I can't see any way to differentiate between the two WAN ports here when creating an outbound rule, to have something specific go out the other port and the other gateway.
I had tried testing by setting the source to be LAN, the networks to be two IP objects I created (one for a desktop in my office, the other for my laptop, both of which have DHCP reservations and get specific IPs for things like this), services any, schedule all the time. Destination information was WAN, and then for networks I selected #Port4 (since this is the only way I can see right now to try to tell it to do something out that WAN2 port, and I *REALLY* wish we could rename ports). Action is accept, it defaulted to masquerading, and I had the option to specify that it use the "TimeWarnerGW", which is what I called the gateway for the second WAN port I'm testing. Everything else is off and none.
Even putting this rule first, my two machines that are specified by the network objects still go out the other gateway.
For the inbound, I thought I'd test inbound SMTP from my Barracuda spam box that we colocate at our hosting site with our terminal servers. Host was the Barracuda object I have created so I can limit SMTP into my Exchange server to only come from the Barracuda; source zone is WAN; for hosted address, since I only have the single IP, I just picked "Port4-x.x.x.x" that had the external IP address. Protected application server was LAN for the zone, and the SBS_Internal object I created for its IP address. Forward all ports is off; port forwarding is just TCP 25 and 587.
Now, that inbound worked, and the Barracuda was able to do a test connection to my Exchange server, but I'm just not finding what I need to do to get things working outbound on the new WAN port.
I know I could simply reprogram things so WAN1 is the new IP and adjust things accordingly, but I want to test things before I commit to all the DNS changes. And I'm assuming there HAS to be some way to have multiple gateways and connections and have rules that use one or the other.
Thanks for any help. I'm sure it's something blindingly obvious I'm simply not seeing due to my unfamiliarity with this (for us) new firewall appliance.
John