Sophos Firewall V19: Instructions on how to route the server’s internet traffic through the specified IP WAN Alias using SD-WAN

1.The purpose of the article

In this article, Techbast will show you how to route a server's internet traffic through a fixed WAN alias IP.

2.Diagram

Details:

The internet connection, named ISP – Viettel IDC, is attached to port 2 of the Sophos XG Firewall device and has the IP 171.x.x.195.

Port 2 also carries 4 additional WAN alias IPs:

  • Port 2 – WAN 1 (Alias IP): 171.x.x.200.
  • Port 2 – WAN 2 (Alias IP): 171.x.x.199.
  • Port 2 – WAN 3 (Alias IP): 171.x.x.198.
  • Port 2 – WAN 3 (Alias IP): 171.x.x.197.

The LAN subnet is configured at port 1 of the Sophos XG Firewall device with IP 172.16.31.1/24 and configured with a DHCP Server to allocate IPs to connected devices.

Finally, the server running the database, with IP 172.16.31.10/24, is connected to port 1 and named IBMX3850-DB-NEW.

3.Scenario

Techbast will configure the Internet traffic routing of the IBMX3850-DB-NEW server through Port 2 – WAN 1 with IP 171.x.x.200.

4.What to do

  • Create Host profile.
  • Create SD-WAN Policy.
  • Create Firewall Rule and NAT Rule.
  • Result.

5.Configuration

5.1.Create Host profile.

Go to Hosts and Services > IP Host and click Add to define a server with the following parameters:

  • Name*: IBMX3850-DB-NEW.
  • IP version*: IPv4.
  • Type*: IP
  • IP address*: 172.16.31.10.
  • Click Save.

Similarly, create a host profile for Port 2 – WAN 1 with IP 171.x.x.200:

  • Name*: 171.x.x.200.
  • IP version*: IPv4.
  • Type*: IP
  • IP address*: 171.x.x.200.
  • Click Save.

5.2.Create SD-WAN Policy

Go to CONFIGURE > Routing > SD-WAN routes and configure with the following parameters:

  • Name: test.
  • Source networks: select host profile IBMX3850-DB-NEW.
  • Destination networks: Any.
  • Services: Any.
  • Application objects: Any.
  • User or group: Any.
  • Primary gateway: select ISP – Viettel IDC.
  • Click Save.

5.3.Create firewall and NAT rule.

To create, go to PROTECT > Rules and policies > Firewall rules > Add Firewall rule > New firewall rule.

Configure according to the following parameters:

  • Rule status: ON
  • Rule Name: IMBX3850-DB-NEW to WAN.
  • Action: select Accept.
  • Log firewall traffic: select.
  • Source zones: LAN.
  • Source networks and devices: select host profile IBMX3850-DB-NEW.
  • Destination zones: WAN.
  • Destination networks: Any.

Also in the policy configuration section, we click Create linked NAT rule to create a NAT rule with the following information:

  • Translated source (SNAT): select MASQ.
  • Select the checkbox Override source translation (SNAT) for specific outbound interfaces.
  • Outbound interface: select Port 2 – WAN 1.
  • Translated source: select host profile 171.x.x.200.
  • Click Save.
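One way to check the outcome from exported firewall logs, as an added example that is not part of the original article: the script confirms that every flow from the server was source-translated to the alias, and lists flows that left with the port's primary IP or with no SNAT. The key=value layout, the field names `src_ip`, `dst_ip`, `src_trans_ip` and `fw_rule_name`, the rule name "Default LAN to WAN" and the 203.0.113.x addresses (placeholders for the masked 171.x.x.x values) are assumptions; adjust them to match your own log export.

```python
import shlex

SERVER_IP = "172.16.31.10"       # server address from the article
EXPECTED_SNAT = "203.0.113.200"  # placeholder standing in for the masked alias 171.x.x.200
# 203.0.113.195 below stands in for the masked primary IP of port 2 (171.x.x.195).

# Constructed sample lines, not real firewall output. Field names are assumptions.
SAMPLE_LOG = '''\
fw_rule_name="IMBX3850-DB-NEW to WAN" src_ip=172.16.31.10 dst_ip=198.51.100.7 src_trans_ip=203.0.113.200
fw_rule_name="Default LAN to WAN" src_ip=172.16.31.10 dst_ip=198.51.100.9 src_trans_ip=203.0.113.195
fw_rule_name="Default LAN to WAN" src_ip=172.16.31.25 dst_ip=198.51.100.7 src_trans_ip=203.0.113.195
fw_rule_name="IMBX3850-DB-NEW to WAN" src_ip=172.16.31.10 dst_ip=192.0.2.44 src_trans_ip=203.0.113.200
fw_rule_name="IMBX3850-DB-NEW to WAN" src_ip=172.16.31.10 dst_ip=192.0.2.50
'''

def parse_line(line):
    """Turn one key=value log line into a dict; quoted values may contain spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def audit_snat(log_text, server_ip=SERVER_IP, expected=EXPECTED_SNAT):
    """Count the server's flows translated to the expected alias and collect the rest."""
    ok, bad = 0, []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec.get("src_ip") != server_ip:
            continue  # other LAN hosts are out of scope for this check
        if rec.get("src_trans_ip") == expected:
            ok += 1
        else:
            bad.append(rec)  # wrong alias, interface primary IP, or no SNAT at all
    return ok, bad

if __name__ == "__main__":
    ok, bad = audit_snat(SAMPLE_LOG)
    print(f"{ok} flows left via {EXPECTED_SNAT}, {len(bad)} did not")
    for rec in bad:
        print("  ", rec.get("fw_rule_name"), "->", rec.get("dst_ip"),
              "translated to", rec.get("src_trans_ip", "<none>"))
```

A non-empty list of offending flows usually means the traffic matched a different firewall or NAT rule placed above the one created in section 5.3.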
