
1.The purpose of the article
In this article, Techbast will show you how to route a server's internet traffic through a fixed WAN alias IP.
2.Diagram

Details:
The internet connection, called ISP – Viettel IDC, is attached to port 2 of the Sophos XG Firewall device and has the IP 171.x.x.195.
Port 2 also carries 4 more WAN alias IPs, as follows:
- Port 2 – WAN 1 (Alias IP): 171.x.x.200.
- Port 2 – WAN 2 (Alias IP): 171.x.x.199.
- Port 2 – WAN 3 (Alias IP): 171.x.x.198.
- Port 2 – WAN 3 (Alias IP): 171.x.x.197.
The LAN subnet is configured at port 1 of the Sophos XG Firewall device with IP 172.16.31.1/24 and configured with a DHCP Server to allocate IPs to connected devices.
Finally, the server running the database, with IP 172.16.31.10/24, is connected to port 1 and named IBMX3850-DB-NEW.
3.Scenario
Techbast will configure the Internet traffic routing of the IBMX3850-DB-NEW server through Port 2 – WAN 1 with IP 171.x.x.200.
4.What to do
- Create Host profile.
- Create SD-WAN Policy.
- Create Firewall Rule and NAT Rule.
- Result.
5.Configuration
5.1.Create Host profile.
Go to Hosts and Services > IP Host and click Add to define a server with the following parameters:
- Name*: IBMX3850-DB-NEW.
- IP version*: IPv4.
- Type*: IP
- IP address*: 172.16.31.10.
- Click Save.

Similarly, create a host profile for Port 2 – WAN 1 with IP 171.x.x.200:
- Name*: 171.x.x.200.
- IP version*: IPv4.
- Type*: IP
- IP address*: 171.x.x.200.
- Click Save.

5.2.Create SD-WAN Policy
Go to CONFIGURE > Routing > SD-WAN routes and configure with the following parameters:
- Name: test.
- Source networks: select host profile IBMX3850-DB-NEW.
- Destination networks: Any.
- Services: Any.
- Application objects: Any.
- User or group: Any.
- Primary gateway: select ISP – Viettel IDC.
- Click Save.

5.3.Create firewall and NAT rule.
To create, go to PROTECT > Rules and policies > Firewall rules > Add Firewall rule > New firewall rule.
Configure according to the following parameters:
- Rule status: ON
- Rule Name: IBMX3850-DB-NEW to WAN.
- Action: select Accept.
- Log firewall traffic: select.
- Source zones: LAN.
- Source networks and devices: select host profile IBMX3850-DB-NEW.
- Destination zones: WAN.
- Destination networks: Any.

Also in the policy configuration section, we click Create linked NAT rule to create a NAT rule with the following information:
- Translated source (SNAT): select MASQ.
- Select Override source translation (SNAT) for specific outbound interfaces.
- Outbound interface: select Port 2 – WAN 1.
- Translated source: select host profile 171.x.x.200.
- Click Save.
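
Because the firewall rule above has Log firewall traffic enabled, the result can be checked from an exported firewall log: every allowed session from the server should show the WAN 1 alias as its translated source. The script below is an added example, not part of the original article. The key=value field names (src_ip, tran_src_ip, fw_rule_id), the rule IDs, the log lines and the 203.0.113.x addresses standing in for the masked 171.x.x.x addresses are all constructed assumptions; adjust them to what your log export shows.

```python
import ipaddress
import re

# Constructed stand-ins for the masked addresses in the article:
# 203.0.113.200 = WAN 1 alias (171.x.x.200), 203.0.113.195 = Port 2 primary (171.x.x.195).
SERVER_IP = "172.16.31.10"
EXPECTED_SNAT = "203.0.113.200"

# Constructed sample log lines in key=value form.
# Field names are an assumption about the export format.
SAMPLE_LOG = '''\
log_type="Firewall" status="Allow" fw_rule_id=7 out_interface="Port2" src_ip=172.16.31.10 dst_ip=198.51.100.20 dst_port=443 tran_src_ip=203.0.113.200
log_type="Firewall" status="Allow" fw_rule_id=5 out_interface="Port2" src_ip=172.16.31.10 dst_ip=198.51.100.21 dst_port=53 tran_src_ip=203.0.113.195
log_type="Firewall" status="Allow" fw_rule_id=5 out_interface="Port2" src_ip=172.16.31.44 dst_ip=198.51.100.20 dst_port=443 tran_src_ip=203.0.113.195
log_type="Firewall" status="Allow" fw_rule_id=7 out_interface="Port2" src_ip=172.16.31.10 dst_ip=198.51.100.22 dst_port=123 tran_src_ip=
'''

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S*)')

def parse_line(line):
    """Split one key=value log line into a dict, dropping surrounding quotes."""
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def snat_mismatches(log_text, server_ip=SERVER_IP, expected=EXPECTED_SNAT):
    """Return allowed sessions from server_ip whose translated source is not expected."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec.get("src_ip") != server_ip or rec.get("status") != "Allow":
            continue
        seen = rec.get("tran_src_ip", "")
        try:
            ok = ipaddress.ip_address(seen) == ipaddress.ip_address(expected)
        except ValueError:
            ok = False  # empty or malformed value: no usable SNAT address logged
        if not ok:
            findings.append((rec.get("dst_ip"), rec.get("fw_rule_id"), seen or "none"))
    return findings

if __name__ == "__main__":
    for dst, rule, seen in snat_mismatches(SAMPLE_LOG):
        print(f"{SERVER_IP} -> {dst}: rule {rule} translated to {seen}, expected {EXPECTED_SNAT}")
```

A finding that shows the Port 2 primary address means the session matched a different rule and was masqueraded instead of using the linked NAT rule; the logged rule ID shows which rule to move or narrow.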
