Sophos XG v18: NAT port configuration guide for a switchboard system on Sophos XG firmware version 18

Overview

This article shows how to configure NAT port forwarding for Panasonic switchboard equipment, so that callers on the Internet can phone into the internal system.

Here I use a Panasonic VoIP switchboard.

The switchboard's port is 5060, but because port 5060 is a spam port, the switchboard's public port to the outside is changed to port 31303.

The switchboard's voice ports are the port range 16000 to 16500.

How to configure

  • Log in to Sophos XG with the Admin account
  • Go to SYSTEM -> Choose Hosts and services -> In IP Host -> Click Add New -> Create host SwitchboardDevice1 with IP (192.168.4.10)
  • Similarly, create host SwitchboardDevice2 with the IP (192.168.4.11)
  • Go to Services -> Click Add -> Create a service with UDP protocol and port 31303
  • Create a service with UDP protocol and ports 16000 to 16511
  • Go to Rules and policies -> Choose NAT rules -> Click Add NAT rule -> Choose New NAT rule
  • Create a NAT rule that forwards port 31303 to the IP of SwitchboardDevice1 (192.168.4.10)
    • In Original source: Choose Any
    • In Original destination: Choose Any
    • In Original service: Choose the service created earlier (31303)
    • In Translated source (SNAT): Choose Original
    • In Translated destination (DNAT): Choose 192.168.4.10
    • In Translated service (PAT): Choose Original
    • In Inbound interface: Choose Any or Port WAN
    • In Outbound interface: Choose Any or Switchboard port

-> Click Save

  • Create a NAT rule that forwards ports 16000 to 16511 to the IP of SwitchboardDevice2 (192.168.4.11)
    • In Original source: Choose Any
    • In Original destination: Choose Any
    • In Original service: Choose the service created earlier (16000:16511)
    • In Translated source (SNAT): Choose Original
    • In Translated destination (DNAT): Choose 192.168.4.11
    • In Translated service (PAT): Choose Original
    • In Inbound interface: Choose Any or Port WAN
    • In Outbound interface: Choose Any or Switchboard port

-> Click Save

  • Go to Firewall rules -> Click Add firewall rule -> Choose New firewall rule
    • Enter name: Allow WAN to TongDai
    • In Source zones: Choose WAN
    • In Source networks and devices: Choose Any
    • In Destination zones: Choose LAN
    • In Destination networks: Choose the 2 switchboard IPs (192.168.4.10 and 192.168.4.11)
    • In Services: Choose the 2 services created earlier (31303 and 16500:16511)

-> Click Save
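
An added example, not part of the original article or of any Sophos tooling: a small Python check that compares the services used in the NAT rules with the services named in the firewall rule, using the values exactly as written in the steps above. The names Service, to_ranges and audit are hypothetical, and the model only compares protocol and ports; it does not reproduce how Sophos XG evaluates rules.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    proto: str
    lo: int
    hi: int

    def ports(self):
        return set(range(self.lo, self.hi + 1))

def to_ranges(ports):
    """Collapse a set of ports into sorted inclusive (lo, hi) ranges."""
    out = []
    for p in sorted(ports):
        if out and p == out[-1][1] + 1:
            out[-1] = (out[-1][0], p)
        else:
            out.append((p, p))
    return out

def audit(dnat_rules, fw_services):
    """Compare DNAT services with the services a firewall rule permits.

    dnat_rules: list of (Service, translated_ip); fw_services: list of Service.
    Returns (finding, subject, (lo, hi)) tuples; an empty list means they agree.
    """
    allowed, forwarded, findings = {}, {}, []
    for s in fw_services:
        allowed.setdefault(s.proto, set()).update(s.ports())
    for svc, ip in dnat_rules:
        forwarded.setdefault(svc.proto, set()).update(svc.ports())
        for rng in to_ranges(svc.ports() - allowed.get(svc.proto, set())):
            findings.append(("forwarded-but-not-allowed", ip, rng))
    for proto, ports in allowed.items():
        for rng in to_ranges(ports - forwarded.get(proto, set())):
            findings.append(("allowed-but-not-forwarded", proto, rng))
    return findings

# Constructed input: values copied from the steps above as written.
SIP = Service("udp", 31303, 31303)
VOICE_NAT = Service("udp", 16000, 16511)   # service used in the NAT rule
VOICE_FW = Service("udp", 16500, 16511)    # range named in the firewall rule step
DNAT = [(SIP, "192.168.4.10"), (VOICE_NAT, "192.168.4.11")]

if __name__ == "__main__":
    for finding in audit(DNAT, [SIP, VOICE_FW]):
        print(finding)
```

With the values as written, the check reports UDP 16000 to 16499 as forwarded to 192.168.4.11 but not covered by the services in the firewall rule; selecting the same 16000:16511 service in both places returns no findings.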
