
Sophos Cluster SG210 - NAT Rule not working

Hello,

I already posted yesterday in the German forum about a NAT rule that is not working anymore.

We have a Sophos SG210 cluster in production with the latest version, 9.707-5, on it.

The NAT rule is:

  • Any
  • TCP 2083 - destination port 2083, source port 1:65535
  • WAN Address
  • Server IP
  • TCP 2083 - destination port 2083, source port 1:65535

The firewall rule is automatically created by the NAT rule. I've tried disabling IPS, Advanced Threat Protection and so on, but nothing seems to work.

This is the error:

08:16:58 Standard-VERWERFEN TCP 95.130.160.139:25117 -> 213.95.82.36:2083 [ACK RST] len=52 ttl=56 tos=0x00 srcmac=78:19:f7:40:af:f0 dstmac=00:1a:8c:f0:bf:c1

Any help or tip would be appreciated.

Thanks



  • FormerMember

    Hi Arnold, thanks for reaching out to the Sophos Community.

    Can you share a snapshot of the NAT rule that is configured? Also take a tcpdump on the source IP from where you're trying to access port 2083 on the public IP:

    • tcpdump -nei any host x.x.x.x (where x.x.x.x is the source machine's public IP)

    Also, check packetfilter.log with tail -f /var/log/packetfilter.log | grep -i x.x.x.x (x.x.x.x is the source public IP), and then try to access the port on the public IP.

    Ensure that "Log initial packets" is enabled in the NAT rule.

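The packetfilter.log check suggested in the reply, worked through as an added example (my code, not Sophos' and not posted in this thread): a small Python parser for the key="value" lines that UTM's ulogd writes to /var/log/packetfilter.log. It filters on the published port and the client's source IP, the way the grep above does, but then separates dropped initial SYNs (the NAT/firewall rule never matched the new connection) from dropped out-of-state packets such as the [ACK RST] shown in the question, which arrive after the state-table entry is gone and do not by themselves prove the NAT rule is broken. The sample log lines are constructed with RFC 5737 documentation addresses; the field names (action, fwrule, srcip, dstip, dstport, tcpflags) are assumed from the usual UTM packetfilter layout.

```python
import re
from collections import Counter
from typing import Any, Dict, Iterable, List, Optional

# Constructed sample lines (not from the thread), in the key="value" layout
# that Sophos UTM's ulogd writes to /var/log/packetfilter.log. Field names are
# assumed from the usual UTM layout; addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
2021:03:10-08:16:55 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="78:19:f7:40:af:f0" dstmac="00:1a:8c:f0:bf:c1" srcip="198.51.100.23" dstip="203.0.113.10" proto="6" length="60" tos="0x00" prec="0x00" ttl="56" srcport="25116" dstport="2083" tcpflags="SYN"
2021:03:10-08:16:58 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="78:19:f7:40:af:f0" dstmac="00:1a:8c:f0:bf:c1" srcip="198.51.100.23" dstip="203.0.113.10" proto="6" length="52" tos="0x00" prec="0x00" ttl="56" srcport="25117" dstport="2083" tcpflags="ACK RST"
2021:03:10-08:17:01 utm ulogd[4711]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="12" initf="eth1" outitf="eth0" srcip="198.51.100.23" dstip="203.0.113.10" proto="6" length="60" tos="0x00" prec="0x00" ttl="56" srcport="25118" dstport="2083" tcpflags="SYN"
2021:03:10-08:17:02 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.0.2.77" dstip="203.0.113.10" proto="6" length="60" tos="0x00" prec="0x00" ttl="120" srcport="40021" dstport="2083" tcpflags="SYN"
"""

# Matches every key="value" pair on a line.
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Turn one packetfilter.log line into a dict of its key="value" fields.

    Returns None for lines that are not packetfilter entries at all.
    """
    if 'sub="packetfilter"' not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]  # e.g. 2021:03:10-08:16:58
    return fields


def match_port(lines: Iterable[str], dst_port: int,
               src_ip: Optional[str] = None) -> List[Dict[str, str]]:
    """Keep entries to the published port, optionally only from one client IP.

    This is the 'grep -i x.x.x.x' from the reply, but on parsed fields, so a
    substring match on an unrelated field cannot sneak in.
    """
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get("dstport") != str(dst_port):
            continue
        if src_ip is not None and rec.get("srcip") != src_ip:
            continue
        out.append(rec)
    return out


def summarize(records: List[Dict[str, str]]) -> Dict[str, Any]:
    """Count accepted packets and split drops into initial SYNs vs. the rest.

    A dropped SYN (without ACK) is a new connection the DNAT/firewall rule did
    not match. A dropped ACK/RST or ACK/FIN is a packet that arrived with no
    matching state-table entry, which is normal after a connection is torn
    down and is what the question's [ACK RST] line shows.
    """
    summary: Dict[str, Any] = {
        "syn_dropped": 0, "other_dropped": 0, "accepted": 0,
        "drop_rules": Counter(),  # which fwrule id produced the drops
    }
    for rec in records:
        flags = set(rec.get("tcpflags", "").split())
        is_initial = rec.get("proto") == "6" and "SYN" in flags and "ACK" not in flags
        if rec.get("action") == "accept":
            summary["accepted"] += 1
        elif rec.get("action") == "drop":
            summary["drop_rules"][rec.get("fwrule", "?")] += 1
            if is_initial:
                summary["syn_dropped"] += 1
            else:
                summary["other_dropped"] += 1
    return summary


def verdict(summary: Dict[str, Any]) -> str:
    """One-line reading of the summary for the person doing the troubleshooting."""
    if summary["syn_dropped"]:
        return "initial SYN packets are dropped: the DNAT/firewall rule is not matching new connections"
    if summary["other_dropped"] and summary["accepted"]:
        return "only non-SYN packets are dropped while SYNs are accepted: the port is reachable, the drops are out-of-state packets"
    if summary["other_dropped"]:
        return "only non-SYN packets are logged: enable 'Log initial packets' on the NAT rule to see whether SYNs get through"
    return "no drops logged for this port"


if __name__ == "__main__":
    recs = match_port(SAMPLE_LOG.splitlines(), 2083, "198.51.100.23")
    result = summarize(recs)
    print(result)
    print(verdict(result))
```

On a real box, feed the output of tail -f /var/log/packetfilter.log (or a saved copy of the file) to match_port() line by line with the client's public IP and the published port; the fwrule counter tells you whether the drops come from the NAT rule's auto-generated firewall rule or from the default drop rule.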
