Sophos XGS: How to NAT twice with two Sophos XGS firewall devices to publish a web server

Overview

This article shows how to configure DNAT twice with two Sophos XGS devices: an external device that protects the entire internal system, and an internal device that protects the server system in the DMZ network.

Diagram

Steps of configuration

  • Configure DNAT on the internal firewall to publish the web server
  • Configure DNAT on the external firewall to publish the web server
  • Check access to the website

How to configure

Firewall 2

  • Log in to the Sophos XGS with the Admin account
  • Go to SYSTEM -> Choose Hosts and services -> Choose IP host -> Click Add
  • Enter name
  • In IP version: Choose IPv4
  • In Type: Choose IP
  • In IP address: Enter 10.10.10.150
  • Click Save
  • Go to Rules and policies -> Choose NAT rules -> Click Add NAT rule -> Choose Server access assistant (DNAT)
  • In Internal server IP address: Choose the web server host created earlier
  • In Public IP address: Choose the WAN port you want to NAT
  • In Services: Choose HTTP, HTTPS
  • In External source networks and devices: Choose Any
  • Click Save and finish
  • After the DNAT rule is created, Sophos automatically creates a matching firewall rule

Firewall 1

  • Log in to the Sophos firewall with the Admin account
  • Go to Hosts and services -> Choose IP host -> Click Add
  • Enter name
  • In IP version: Choose IPv4
  • In Type: Choose IP
  • In IP address: Enter 172.18.18.100, the WAN IP of Sophos firewall 2
  • Go to Rules and policies -> Choose NAT rules -> Click Add NAT rule -> Choose Server access assistant (DNAT)
  • In Internal server IP address: Choose the host for the WAN of Sophos firewall 2 created earlier -> Click Next
  • In Public IP address: Choose the WAN port of Sophos firewall 1 -> Click Next
  • In Services: Choose HTTP, HTTPS -> Click Next
  • In External source networks and devices: Choose Any -> Click Next
  • Click Save and finish
  • After the DNAT rule is created, Sophos automatically creates a matching firewall rule

Check access to website
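
One way to script this check is shown below. It is an added example, not part of the original article or of any Sophos tooling. It confirms that the published HTTP and HTTPS ports answer on each firewall's WAN address and that ports without a DNAT rule do not. The firewall 1 WAN address is a placeholder because the article does not give it, and the list of ports expected to stay closed is an assumption.

```python
import socket

# Addresses from the article; FW1_WAN is a placeholder because the article
# does not give firewall 1's public IP (203.0.113.0/24 is a documentation range).
FW1_WAN = "203.0.113.10"
FW2_WAN = "172.18.18.100"
PUBLISHED = (80, 443)        # HTTP and HTTPS, as selected in the DNAT assistant
NOT_PUBLISHED = (22, 4444)   # assumption: SSH and the default Sophos web admin port


def port_open(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable
        return False


def audit(host, published=PUBLISHED, not_published=NOT_PUBLISHED, timeout=3.0):
    """Compare what answers on host with what the DNAT rule should expose."""
    return {
        "missing": [p for p in published if not port_open(host, p, timeout)],
        "unexpected": [p for p in not_published if port_open(host, p, timeout)],
    }


def verdict(result):
    """Turn an audit result into a one-line finding."""
    if result["missing"]:
        return "FAIL: published ports not reachable: %s" % result["missing"]
    if result["unexpected"]:
        return "WARN: ports open without a DNAT rule: %s" % result["unexpected"]
    return "OK: only the published services answer"


if __name__ == "__main__":
    # Run from the Internet side for FW1_WAN, and from the network between the
    # two firewalls for FW2_WAN, to see which DNAT stage is at fault.
    for name, host in (("firewall 1 WAN", FW1_WAN), ("firewall 2 WAN", FW2_WAN)):
        print(name, host, verdict(audit(host)))
```

If firewall 2's WAN address passes from the intermediate network but firewall 1's WAN address fails from outside, the fault is in the DNAT or firewall rule on firewall 1.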
