XG550 NAT - Not sure if it is working correctly

 Hi,

 

I wonder if I can get some help on doing a NAT for our Video Conferencing unit. I am new to the XG550 and have tried to find out how exactly it's done, but it does not seem to work. It would be great if anyone can advise on my setup, and any help is greatly appreciated.

What I had tried to do is as follows:

- Add a new business application rule to the policy

- Rule Name: XT Desktop

- Source Host: Any

- Source Exceptions: <Empty>

- Hosted server Source Zone: WAN

- Hosted address: XT Desktop Public IP

- Protected Application Server Protected Zone: LAN

- Protected Application Server: XT Desktop Internal IP

- Forward all ports: ON

- Routing Rewrite Source address (Masquerading): ON

- Routing Use Outbound Address: XT Desktop Public IP

- IPS: None

- Traffic Shaping: None

- Log Firewall Traffic: ON

- Create Reflexive Rule: ON

- Security Heartbeat: OFF

Whenever I try to connect to this desktop from external locations, the connection does not work. Hence I am now stuck and not sure how to proceed or troubleshoot this.

Many thanks for any help and suggestions!

 

Tan



  • Hi Luk,

    I managed to upgrade one unit of the XG to v16.05 MR-3 but encountered some issues with the application filter as well as the HA portion. Nevertheless, I will sort out these issues but still need advice on how to configure the rule. I can get the DNAT Business Rule in place, but it seems like I am not able to select a list of ports to be used. I have a list of ports and port ranges to open for this particular desktop, but it seems like I can only enter a specific port instead of selecting a Service group. Is there any way to use a Service Group instead? My list of ports that need to be open includes 1024-65535 (UDP), TCP 3336, TCP 3337 etc.

    Thanks for your advice!

    Tan

     

  • Tan,

    With v16 it is not possible either. This feature is planned for v17. You have to use port numbers.

    Regards