Sophos XG: Configuration an SNAT rule

This article explains how to create a Source NAT firewall rule so that outgoing traffic from the internal network will use a different public IP address when connecting to a specific host on the Internet. This can be useful when network restrictions prevent the primary IP for connecting to a website or secure server

Configuration an SNAT rule

  • Login to XG Firewall by admin account


  • Network -> Interfaces


  • Click on Add Interface and the select Add Alias from the drop-down menu


  • Fill out the details -> Click Save


  • Hosts and Services -> IP Host -> Click Add to create an IP which you want to NAT ->Save


  • Profiles -> In … ->Click Network Address Translation -> Click Add


  • Enter a name for NAT Policy and select the IP Host created before -> Click Save to add the NAT policy


  • Firewall -> Click Add Firewall Rule


  • Enter the parameters as shown in the image below


  • Tick NAT & Routing -> Rewrite source address (Masquerading) -> Choose Use Outbound Address -> Click Save

Be the first to comment

Leave a Reply

Your email address will not be published.