XG550 NAT - Not sure if it is working correctly

 Hi,

 

I wonder if I can get some help on doing a NAT for our Video Conferencing unit. I am new to the XG550 and have tried to find out how exactly it's done, but it does not seem to work. It would be great if anyone can advise on my setup and any help is greatly appreciated.

What I have tried to do is as follows:

- Add a new business application rule to the policy

- Rule Name: XT Desktop

- Source Host: Any

- Source Exceptions: <Empty>

- Hosted server Source Zone: WAN

- Hosted address: XT Desktop Public IP

- Protected Application Server Protected Zone: LAN

- Protected Application Server: XT Desktop Internal IP

- Forward all ports: ON

- Routing Rewrite Source address (Masquerading): ON

- Routing Use Outbound Address: XT Desktop Public IP

- IPS: None

- Traffic Shaping: None

- Log Firewall Traffic: ON

- Create Reflexive Rule: ON

- Security Heartbeat: OFF

Whenever I try to connect to this desktop from external locations, the connection does not work. Hence I am now stuck and not sure how to proceed or troubleshoot this.

Many thanks for any help and suggestions!

 

Tan



This thread was automatically locked due to age.
  • Tan,

    here is the KB on how to DNAT an internal server:

    https://community.sophos.com/kb/en-us/122976

    Untick "Create Reflexive Rule" and "Routing Use Outbound Address: XT Desktop Public IP". For the outbound traffic, create a rule manually and see if everything works correctly.

    Regards

  • Hi ,

     

    Many thanks for your reply and much appreciated.

     

    I saw the KB before, but I do not know why, when I create the Business Application Rule, I do not have the option to choose DNAT/Full NAT/Load Balancing. Hence, I chose to create the rule based on "Non-HTTP based Policy". This should be fine?

    For the outbound rule, this is to create a "User/Network Rule" to allow the XT Desktop Internal IP to go to WAN?

     

    Lastly, if I remove the "Routing Use Outbound Address: XT Desktop Public IP" and set it to MASQ, it will always default back to the WAN Port IP. The WAN port IP is different from the XT Desktop Public IP and hence I am not sure whether this will route the traffic to the PC?

    I am a newbie on this, so many thanks for your help.

    Tan
