This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Another NAT question...

Hi,

I searched google and this forums on how to setup NAT for our servers in DMZ. We are currently using Fortigate and testing a demo unit from Sophos. Here are my issues:

Our servers are on the DMZ with network 192.168.10.x. We have multiple public IPs that are mapped to 192...network in Fortigate. How do I achieve this in Sophos?

I tried using DNAT/SNAT, but still confused on how this really works. How about FULL NAT? I already created additional addresses on the WAN interface.

Yesterday, i configured DNAT for our exchange server in DMZ. Clients on the LAN can send email to the internet but not receive. Lan-to-lan email is fine.

I only have 1 week left to test and we need to make decision by 21st of November. Please help.

Edward

This thread was automatically locked due to age.

0 BarryG over 12 years ago

Hi, you need to use DNAT for inbound traffic, and, IF you need to change the outbound addresses, you can use SNAT for the outbound.
Full NAT should not be used for this.

You'll also need packetfilter rules.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago
Hi, Edward, and welcome to the User BB!

Barry's exactly right. Two classic beginner errors are possible here.
[LIST=1]
Never bind a Host/Network definition to a specific interface; always leave it with 'Interface: >'.
In the 'Matching Condition', 'going to' must use the "External [additional address] (Address)" object created by WebAdmin when you defined the additional address. Using a regular, manually-created host definiton here will prevent the DNAT from matching the desitred traffic.
[/LIST]

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel