
blind NAT

Hi Guys,

Does anyone know if Sophos UTM supports a feature like Blind NAT, as in Monowall or pfSense?

Can I DNAT to a server / PC that sits outside the firewall's internal subnet but is routable via the internal network?

Thanks


  • Yes, I believe this is possible, but why would you want to do such thing?

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • I think that Sophos should support such a thing. You're thinking about something like DNATing a service that's in another office, say on a WAN connection that links the two offices? Not behind the UTM, but reachable through it?
  • The main reason is that the server doesn't sit in the same VLAN or subnet as the UTM.

    When I use SSL VPN the server is reachable.
    But when I have configured it with DNAT, tcpdump keeps telling me that the ARP for the destination is missing ("where is the server", etc.).

    So I was hoping to get some ideas from you guys.

    Regards
    Adrian
  • Adrian, is your topology as follows?

    Internet<>[UTM]<>[router]<>[server]


    If so, then you just need a static gateway route in the UTM like '{server subnet} -> {router IP in Internal (Network)}'

    If that's not the solution, then please give us an idea of your topology including representative IP addresses.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi Bob,
    your understanding is correct.
    The weird thing is that the destination is in the routing table only in the UTM CLI.
    But when we perform NAT on the destination, the routing stops and reports that there is no ARP.

    Thanks
  • Please [Go Advanced] and attach a picture of "But when we perform nat on the destination the routing will stop."

    Cheers - Bob