DMZ for internal Host

Hello,

We have just installed a UTM last month and it's been working great.

However, I have a question regarding setting up one of the internal hosts.

The scenario is that one of the hosts needs to connect to a third-party server using ports 21 and 80. I have created SNAT and DNAT rules just for that internal host, but it does not seem to be working. I have also added that host to the "Skip Transparent Mode source host list", but it still doesn't work. So I am thinking of adding that host to the DMZ for testing.

Would someone please let me know how I can achieve that?

Regards,

  • Hi, Prerak, and welcome to the UTM Community!

    Open the Firewall and Web Filtering Live Logs and make the host attempt to connect to the external server.  Show us the line where the access was blocked.  If you see the Block in the Firewall log, show us the corresponding line from the full log file.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello Bob,

    Thank you for your response.

    I checked the firewall logs and found that the packets were being dropped:

    2016:12:01-15:34:58 sophosfirewall ulogd[10425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="BB" dstmac="AA" srcip="192.168.0.52" dstip="A.A.A.A" proto="6" length="44" tos="0x00" prec="0x00" ttl="30" srcport="2058" dstport="80" tcpflags="SYN" 

    So, I added a firewall rule to allow any services from that third-party server, and IT WORKED. Initially, I had only added a NAT rule with an automatic firewall rule for specific ports for that traffic. But I guess the packets were being dropped because TCP SYN Flood protection is enabled.

  • "packets were dropping because of TCP SYN Flood protection" - That's not what that line shows, Prerak, but too much information is obfuscated for me to be able to "read" the line.  Is dstip="A.A.A.A" in fact the IP of "Internal (Address)" or of "DMZ (Address)" or ???  fwrule="60001" means that the drop was out of the INPUT chain, which I don't understand.

    To see if you're having issues with flood protection, look in the Intrusion Prevention log.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
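Worked example, added here and not part of the original thread or of any Sophos UTM tooling: a small Python triage script that parses ulogd "packetfilter" lines of the shape Prerak posted and applies the one interpretation Bob gives above (fwrule="60001" is a drop out of the INPUT chain, i.e. the packet was treated as addressed to the UTM itself) by checking whether dstip is one of the UTM's own interface addresses. The three sample lines, the addresses and MACs in them, the rule IDs other than 60001, and the list of UTM addresses passed to triage() are constructed for the example; every other rule ID is left unmapped rather than guessed.

```python
import re
from ipaddress import ip_address

# Constructed sample log: three lines modelled on the ulogd "packetfilter"
# record quoted in the thread.  Addresses, MACs and rule numbers other than
# 60001 are placeholders, not data from the original post.
SAMPLE_LOG = """\
2016:12:01-15:34:58 sophosfirewall ulogd[10425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="BB" dstmac="AA" srcip="192.168.0.52" dstip="192.168.0.1" proto="6" length="44" tos="0x00" prec="0x00" ttl="30" srcport="2058" dstport="80" tcpflags="SYN"
2016:12:01-15:35:02 sophosfirewall ulogd[10425]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="5" initf="eth0" outitf="eth1" srcmac="BB" dstmac="AA" srcip="192.168.0.52" dstip="203.0.113.10" proto="6" length="60" tos="0x00" prec="0x00" ttl="63" srcport="2059" dstport="21" tcpflags="SYN"
2016:12:01-15:35:07 sophosfirewall ulogd[10425]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60002" initf="eth0" srcmac="BB" dstmac="AA" srcip="192.168.0.52" dstip="203.0.113.10" proto="17" length="78" tos="0x00" prec="0x00" ttl="63" srcport="40000" dstport="123"
"""

# Bob's note in the thread: fwrule="60001" is a drop out of the INPUT chain,
# i.e. the packet was treated as addressed to the UTM itself.  Other rule IDs
# are deliberately left unmapped; look them up in the full log or WebAdmin.
RULE_CHAINS = {"60001": "INPUT"}

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers

HEADER_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+?)\[(\d+)\]:\s+")
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_packetfilter_line(line):
    """Split one ulogd line into header parts plus its key="value" fields."""
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError("not a ulogd line: %r" % line[:60])
    rec = {"timestamp": m.group(1), "host": m.group(2),
           "process": m.group(3), "pid": int(m.group(4))}
    rec.update(FIELD_RE.findall(line[m.end():]))
    return rec


def classify_drop(rec, utm_addresses):
    """Diagnose a packetfilter drop.  Returns None for anything that is not a drop."""
    if rec.get("sub") != "packetfilter" or rec.get("action") != "drop":
        return None
    chain = RULE_CHAINS.get(rec.get("fwrule"), "unknown")
    dst_is_utm = ip_address(rec["dstip"]) in {ip_address(a) for a in utm_addresses}
    flow = "%s:%s -> %s:%s %s in via %s" % (
        rec["srcip"], rec.get("srcport", "-"), rec["dstip"], rec.get("dstport", "-"),
        PROTO_NAMES.get(rec.get("proto"), "proto/" + rec.get("proto", "?")),
        rec.get("initf", "?"))
    if chain == "INPUT" and dst_is_utm:
        hint = "packet was addressed to the UTM itself; a NAT/forwarding rule will not match it"
    elif chain == "INPUT":
        hint = ("INPUT-chain drop but dstip is not a known UTM address; "
                "confirm which interface address the host actually targeted")
    else:
        hint = "look up fwrule %s in the full Firewall log / WebAdmin" % rec.get("fwrule")
    return {"timestamp": rec["timestamp"], "fwrule": rec.get("fwrule"), "chain": chain,
            "dst_is_utm": dst_is_utm, "flow": flow, "hint": hint}


def triage(log_text, utm_addresses):
    """Run classify_drop over every line of the log; keep only the drops."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        verdict = classify_drop(parse_packetfilter_line(line), utm_addresses)
        if verdict is not None:
            results.append(verdict)
    return results


if __name__ == "__main__":
    # 192.168.0.1 is a constructed stand-in for the UTM's "Internal (Address)".
    for v in triage(SAMPLE_LOG, ["192.168.0.1"]):
        print(v["timestamp"], v["chain"], v["flow"], "-", v["hint"])
```

Feed it the full Firewall log file rather than the Live Log, for the reason Bob gives: the Live Log abbreviates fields, and the chain and destination are exactly what you need to see to tell an INPUT drop (traffic to the firewall itself) from a FORWARD decision on the NAT'd flow.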