Hi
I'm trying to understand masquerading and NAT on the Sophos UTM. Other topics about this already exist and I did read them but I still can't completely wrap my head around it..
I don't understand the purpose masquerading serves. Let's say we want all outgoing traffic to appear coming from our WAN address 1.1.1.1 so we create a masquerading rule like this:
Internal network group --> WAN interface: use address 1.1.1.1
Why can't I just create a NAT rule:
SNAT Internal network group --> Any service --> Any: change source to 1.1.1.1
Wouldn't the result have the same result? Of course all internal traffic passing the firewall would also be NATed, so is that the difference? That you can't select a destination "Any external" and it goes for everything?
And unrelated to the previous question, how does NAT relate to WAF? If I create a virtual webserver with corresponding real webserver, does the Sophos take care of the DNAT involved or do I still need to create those rules as well?
Thanks in advance!
This thread was automatically locked due to age.
