Business Application Rule - must select an IP Range for Protected Server(s) / dnat ntp

I'm having trouble setting an IP range for an internal DNAT rule to redirect NTP (UDP/123) traffic destined for the WAN to an internal server in LAN. A single IP entry works but I want the rule to catch <ANY> destination IP heading to the WAN interface and redirect (with masquerading) to the inside. When I try to define a range in the "Destination Host/Network" section, the wizard complains that I "must select an IP Range for Protected Server(s)". I found this thread https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/80501/how-to-replicate-utm-rule-to-redirect-dns-ntp-to-internal-server where another user was trying to accomplish the same. However, even trying those settings using my port GW address as destination, I'm not seeing the traffic being redirected with tcpdump. Is it possible with version 16.01.2 or is this a known bug? I think an "ANY" option for destination would work perfectly but it's missing, and I also tried 0.0.0.0 like the other poster but the UI prevented me. Thanks for any input.



This thread was automatically locked due to age.
  • My support case has been closed now. Support said the functionality of having a range to single IP is not supported in the current release.

    They also said the feature will be considered as a possible enhancement for a later date but no timeline or future version was given. [:(]
