
How to replicate UTM rule to redirect DNS, NTP to internal server?

I'm trying to match my UTM9 setup on a test XG system.  Hit a blocker...

I have a forwarding rule in UTM which catches traffic to destination "Any IPv4" on the NTP & DNS ports and redirects it to the UTM's LAN address.  It's there to stop unnecessary external connections from IoT devices and also to prevent people circumventing any restrictions I impose via DNS lookups.

I can't seem to make this work in XG - there's no "any" destination and trying to create it as (0.0.0.0/0.0.0.0) raises an error.  Can anyone advise how I can replicate my UTM rule?

Thanks!



  • Guys, finally I got it working. I tried from an SSL VPN system.

    Note:
    ** Do not use the default Sophos NTP service; for some reason it was not working
    ** Create a custom NTP service with an entry only for UDP 123
    ** Ensure the DNAT rule is masqueraded
    ** Create a new Business rule of type DNAT

    Screenshots:

  • This helped a lot!  It's already 2018 and Sophos hasn't added the NTP server feature to XG yet.  To those needing to set up their XG as an NTP server, we can do this for now.

    To those interested in following in our footsteps, the "UDP 123 only" NTP service is important.  Otherwise, if you use the pre-defined NTP service (with TCP), you'll get an error saying "the timeout period expired" when syncing time to the XG firewall.
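
To confirm that a catch-all DNAT of the kind described in the posts above is actually intercepting traffic, here is an added check script; it is not from the original thread and not Sophos code. It sends a DNS A query and an NTP client request to an arbitrary "external" address and reports whether a reply came back. The target 192.0.2.1 is a TEST-NET-1 address that never answers on its own, so a reply can only have come from the firewall's own resolver or NTP service, and a timeout means the redirect rule is not catching that port. The name example.com and the 60-second clock tolerance are placeholders; the script assumes it is run from a LAN host behind the firewall and that the firewall's DNS service is enabled for that zone.

```python
import socket
import struct
import time

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01)
NTP_EPOCH_OFFSET = 2208988800

# Placeholder target: 192.0.2.0/24 is TEST-NET-1 (RFC 5737) and never answers
# on its own, so any reply to it can only come from the firewall's redirect.
TARGET_IP = "192.0.2.1"
DNS_NAME = "example.com"   # placeholder; any name the firewall's resolver answers


def build_dns_query(name: str, txid: int = 0x1234) -> bytes:
    """Minimal DNS A query: 12-byte header, QNAME labels, QTYPE=A, QCLASS=IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)   # RD=1, QDCOUNT=1
    labels = name.strip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def parse_dns_answer_count(resp: bytes, txid: int = 0x1234) -> int:
    """Answer RR count from a DNS reply, or -1 if it is not a reply to our query.
    An NXDOMAIN reply still counts as a reply (0 answers): the resolver spoke."""
    if len(resp) < 12:
        return -1
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != txid or not (flags & 0x8000):     # QR bit must be set
        return -1
    return an


def build_ntp_request() -> bytes:
    """48-byte NTP client packet: LI=0, VN=3, Mode=3; all other fields zero."""
    return bytes([0x1B]) + b"\x00" * 47


def parse_ntp_transmit_time(resp: bytes) -> float:
    """Server transmit timestamp as Unix seconds, or -1.0 if not a server reply."""
    if len(resp) < 48 or (resp[0] & 0x07) != 4:  # Mode 4 = server reply
        return -1.0
    secs, frac = struct.unpack("!II", resp[40:48])   # transmit timestamp field
    return secs - NTP_EPOCH_OFFSET + frac / 2**32


def ntp_time_plausible(server_ts: float, local_ts: float, tolerance: float = 60.0) -> bool:
    """True if the answering server's clock is within `tolerance` seconds of ours."""
    return server_ts >= 0 and abs(server_ts - local_ts) <= tolerance


def probe_udp(host: str, port: int, payload: bytes, timeout: float = 3.0):
    """Send one UDP datagram and return the reply, or None on timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(payload, (host, port))
        try:
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return None
    return data


def check_redirect(target_ip: str = TARGET_IP, name: str = DNS_NAME) -> dict:
    """Probe DNS (UDP/53) and NTP (UDP/123) at an address that cannot answer itself."""
    result = {"dns_redirected": False, "ntp_redirected": False, "ntp_clock_ok": False}
    dns_resp = probe_udp(target_ip, 53, build_dns_query(name))
    if dns_resp is not None and parse_dns_answer_count(dns_resp) >= 0:
        result["dns_redirected"] = True
    ntp_resp = probe_udp(target_ip, 123, build_ntp_request())
    if ntp_resp is not None:
        ts = parse_ntp_transmit_time(ntp_resp)
        result["ntp_redirected"] = ts >= 0
        result["ntp_clock_ok"] = ntp_time_plausible(ts, time.time())
    return result


if __name__ == "__main__":
    for key, ok in check_redirect().items():
        print(f"{key}: {'yes' if ok else 'NO'}")
```

Run it from a LAN client both before and after creating the DNAT rule: before, both probes should time out; after, both should answer, and the NTP clock check confirms the reply came from a sane time source rather than a stray responder. Because the NTP probe is UDP only, it also exercises exactly the "UDP 123 only" service definition the post calls out; a rule built on the TCP-inclusive predefined service would still pass this UDP probe, so it does not diagnose the TCP timeout problem on its own.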
