Greetings,
I recently upgraded from Astaro v8 to Sophos v9 and I found an issue with a difference in the way each version works. Quick story is that it was a sloppy setup in v8 that caused a problem when the setup was imported into v9.105-9. This is simply to document the trouble; after my fix, there's no issue. IP addresses have been obscured.
Problem:
After upgrading from v8 to v9.105-9, none of the incoming NAT translations were properly executed from the external interface to the appropriate servers on the inside of the network. External requests made to 'additional addresses' on the external interface would not complete. No evidence of their transfer is seen in the firewall log. So, requests from a user trying to connect to http://www.additionaladdress.com were not completed, and the browser reports no page is available.
What was wrong:
In the v8 setup, the external interface was assigned to a public IP address as a /29 network. Let's say it was ***.***.***.107/29 with a gateway of ***.***.***.105.
In addition, there were three 'additional addresses' listed on that interface.
The first two were entered as /32 networks as:
***.***.***.108/32
***.***.***.109/32
Unfortunately, the third was entered as a /24 address as:
***.***.***.110/24
That third address is what was causing a problem in v9, but not in v8.
The fix:
The fix was to correctly update the third additional address to
***.***.***.110/32
Conclusion:
While it took a couple hours to find this issue, the fix took only a minute, and the incoming packets started to route correctly.
I hope I save someone a couple of hours searching for this!
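A pre-upgrade check for the condition described in the post, as an added example that is not part of the original post or of any Sophos tooling: it flags additional addresses whose netmask is wider than the primary interface's network, or is not a /32 host entry. The 203.0.113.x addresses are constructed documentation-range stand-ins for the obscured ones, and the function name is hypothetical.

```python
import ipaddress


def audit_additional_addresses(primary, additional):
    """Return (entry, reason) findings for suspicious additional addresses.

    primary    -- primary interface address in CIDR form, e.g. "203.0.113.107/29"
    additional -- list of additional (alias) addresses in CIDR form
    """
    primary_if = ipaddress.ip_interface(primary)
    findings = []
    for entry in additional:
        alias = ipaddress.ip_interface(entry)
        alias_len = alias.network.prefixlen
        if alias_len < primary_if.network.prefixlen:
            # Mask is wider than the primary network, as with the /24 in the post.
            findings.append((
                entry,
                f"/{alias_len} covers {alias.network}, wider than the "
                f"primary network {primary_if.network}",
            ))
        elif alias_len != alias.ip.max_prefixlen:
            # Not wider than the primary network, but still not a host entry.
            findings.append((
                entry,
                f"/{alias_len} is not a host entry (/{alias.ip.max_prefixlen})",
            ))
    return findings


# Constructed sample data mirroring the layout in the post.
PRIMARY = "203.0.113.107/29"
V8_ADDITIONAL = ["203.0.113.108/32", "203.0.113.109/32", "203.0.113.110/24"]
FIXED_ADDITIONAL = ["203.0.113.108/32", "203.0.113.109/32", "203.0.113.110/32"]

if __name__ == "__main__":
    for label, aliases in (("v8 import", V8_ADDITIONAL), ("after fix", FIXED_ADDITIONAL)):
        results = audit_additional_addresses(PRIMARY, aliases)
        print(f"{label}: {len(results)} finding(s)")
        for entry, reason in results:
            print(f"  {entry}: {reason}")
```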