Sophos XG v18: Nat port configuration guide for switchboard system on Sophos XG firmware version 18

January 14, 2021 Vincent Sophos 0

Overview

Article configuring Nat Port for Panasonic switchboard equipment, so that outside the Internet can phone to the internal system

Here I use Panasonic VoIP switchboard

Port Switchboard is 5060 but because port 5060 is a spam port, the switchboard will change port public to the outside is port 31303

Port Voice of the switchboard is the port range 16000 to 16500

Diagram

Không có mô tả.

How to configure

  • Login to Sophos XG by Admin account
  • Go to SYSTEM -> Choose Hosts and services -> In IP Host -> Click Add New -> Create host SwitchboardDevice1 with IP (192.168.4.10)
  • Create a host similar to SwitchboardDevice2 with the IP (192.168.4.11)
  • Go to Services -> Click Add -> Create Service with UDP protocol with 31303
  • Create service with UDP protocol with 16000 to 16511
  • Go to Rules and policies -> Choose NAT rules -> Click Add NAT rule -> Choose New NAT rule
  • Create NAT rule with 31303 port to IP of SwitchboardDevice1 (192.168.4.10)
    • In Original source: Choose Any
    • In Original destination: Choose Any
    • In Original service: Choose Service which was created before (31303)
    • In Translated source (SNAT): Choose Original
    • In Translated destination (DNAT): Choose 192.168.4.10
    • In Translated service (PAT): Choose Original
    • In Inbound interface: Choose Any or Port WAN
    • In Outbound interface: Choose Any or Switchboard port

-> Click Save

  • Create NAT rule with 16000 to 16511 port to IP of SwitchboardDevice2 (192.168.4.11)
    • In Original source: Choose Any
    • In Original destination: Choose Any
    • In Original service: Choose Service which was created before (16000:16511)
    • In Translated source (SNAT): Choose Original
    • In Translated destination (DNAT): Choose 192.168.4.11
    • In Translated service (PAT): Choose Original
    • In Inbound interface: Choose Any or Port WAN
    • In Outbound interface: Choose Any or Switchboard port

-> Click Save

  • Go to Firewall rules -> Click Add firewall rule -> Choose New firewall rule
    • Enter name: Allow WAN to TongDai
    • In Source zones: Choose WAN
    • In Source networks and devices: Choose Any
    • In Destination zones: Choose LAN
    • In Destination networks: Choose 2 IP of switchboard (192.168.4.10 and 192.168.4.11)
    • In Services: Choose 2 Service which was created before (31303 and 16500:16511)

-> Click Save

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.