In order to provide increased security, you might need to create a second public IP address on your Sophos XGS firewall device.
How to configure NAT on a Sophos XG firewall is a question that has been asked many times. This article provides two NAT configurations for Sophos XGS firewall devices.
Vincent Sophos 0
Overview
The article demonstrates how to set up DNAT twice using two Sophos XGS devices, with one external device protecting the whole internal system and the other protecting the server system at the DMZ network.
Diagram
Configuration steps
- Configure DNAT on the internal firewall to publish the web server.
- Configure DNAT on the external firewall to publish the web server.
- Check that the website is accessible.
How to set it up
2nd Firewall
- Log in to Sophos XGS with the admin account.
- Under SYSTEM, select Hosts and Services -> IP Host -> click Add.
- Name: enter a name for the host.
- IP version: select IPv4.
- Type: select IP.
- IP address: enter 10.10.10.150.
- Click Save.
- Go to Rules and Policies -> NAT rules -> Add NAT rule -> select Server access assistant (DNAT).
- Internal server IP address: select the web server host created earlier.
- Public IP address: select the WAN port you want to NAT.
- Services: select HTTP or HTTPS.
- External source networks and devices: select Any.
- Once you create the DNAT rule, Sophos automatically generates a firewall rule for it.
1st Firewall
- Log in to the Sophos firewall with the admin account.
- Navigate to Hosts and Services -> IP Host -> click Add.
- Name: enter a name for the host.
- IP version: select IPv4.
- Type: select IP.
- IP address: enter 172.18.18.100, the WAN IP address of Sophos firewall 2.
- Go to Rules and Policies -> NAT rules -> Add NAT rule -> select Server access assistant (DNAT).
- Internal server IP address: select the host created earlier for the WAN address of Sophos firewall 2 -> click Next.
- Public IP address: select the WAN port of Sophos firewall 1 -> click Next.
- Services: select HTTP or HTTPS -> click Next.
- External source networks and devices: select Any -> click Next.
- Once you create the DNAT rule, Sophos automatically generates a firewall rule for it.
Check the website’s accessibility.
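The two DNAT rules configured above form a chain, and the Python model below traces a packet through it to show which traffic reaches 10.10.10.150 and where a miswired rule breaks the path. It is an added example, not code from the original article or from Sophos. `Packet`, `DnatRule` and `trace` are hypothetical names, the firewall 1 WAN address and the client address are constructed placeholders, and unmatched traffic is assumed to be dropped.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class DnatRule:
    name: str
    public_ip: str       # "Public IP address" chosen in the assistant
    internal_ip: str     # "Internal server IP address" chosen in the assistant
    ports: frozenset = frozenset({80, 443})  # Services: HTTP, HTTPS

    def apply(self, pkt):
        """Return the packet with its destination rewritten, or None if no match."""
        if pkt.dst == self.public_ip and pkt.dport in self.ports:
            return replace(pkt, dst=self.internal_ip)
        return None

FW1_WAN = "203.0.113.10"     # assumption: placeholder, the article gives no address
FW2_WAN = "172.18.18.100"    # WAN address of firewall 2 (from the article)
WEB_SERVER = "10.10.10.150"  # web server host (from the article)

CHAIN = [DnatRule("FW1", FW1_WAN, FW2_WAN), DnatRule("FW2", FW2_WAN, WEB_SERVER)]

def trace(pkt, chain=CHAIN):
    """Pass pkt through each firewall in order; return (hops, final dst or None).
    Simplification: traffic that matches no DNAT rule is treated as dropped."""
    hops = []
    for rule in chain:
        out = rule.apply(pkt)
        if out is None:
            hops.append(f"{rule.name}: no DNAT match for {pkt.dst}:{pkt.dport}, dropped")
            return hops, None
        hops.append(f"{rule.name}: {pkt.dst}:{pkt.dport} -> {out.dst}:{out.dport}")
        pkt = out
    return hops, pkt.dst

# Miswired variant: firewall 1 targets the web server directly, skipping firewall 2's WAN.
MISWIRED = [DnatRule("FW1", FW1_WAN, WEB_SERVER), DnatRule("FW2", FW2_WAN, WEB_SERVER)]

if __name__ == "__main__":
    client = "198.51.100.7"  # constructed sample source address
    for label, pkt, chain in [("https", Packet(client, FW1_WAN, 443), CHAIN),
                              ("ssh", Packet(client, FW1_WAN, 22), CHAIN),
                              ("miswired", Packet(client, FW1_WAN, 443), MISWIRED)]:
        hops, dst = trace(pkt, chain)
        print(label, "->", dst, hops)
```

When the accessibility check fails, the hop where the trace stops shows which firewall's rule to re-examine.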