Sophos XG Firewall (v18): NAT Enhancements

  • Published 12 Nov 2024

COMMENTS • 38

  • @Jabbietube
    @Jabbietube 4 years ago +2

    This change has made me reluctant to move my clients to V18. Hope it can be more simplified. I keep coming to watch this. Also add a step-by-step guide instead of having to watch the whole video.

    • @SophosSupport
      @SophosSupport 4 years ago

      Thanks for your feedback, we'll forward this over to product management.

  • @tgitm
    @tgitm 4 years ago +1

    Deployed an Astaro device in early 2012, that became the Sophos UTM. Migrated that to a software license and deployed on our own hardware when the orange box just wasn't man enough hardware-wise. Recently migrated to an XG device. Finally you're bringing the features I had on the UTM for the past 7 years to this apparent 'upgrade'. The UTM was a far superior product in my opinion, and judging by the current state of the XG it'll be many years before the features and control I had are implemented. XG just feels like a Fisher-Price 'my first firewall' more designed for home use than to be deployed into a corporate network.

    • @SophosSupport
      @SophosSupport 4 years ago

      Thanks for your feedback, we'll forward this over to product management.

  • @colthenry1594
    @colthenry1594 4 years ago +13

    So, as a home user, I am testing XG because it allows me to block certain things to my kid's computers and enforce access times and what not. I also like that I can view where the traffic is coming from. But holy shit, I just want to do some basic port forwarding so that I can open up my NAT type in video games. Something so simple should not be made so complicated. I've tried several guides on the forums and here, but nothing pertains to that at all. Or they straight up just don't work at all. Would love a step by step on something more simple.

    • @robbieels6628
      @robbieels6628 1 year ago +1

      Did you get a solution?

    • @ATKDERBY2010
      @ATKDERBY2010 1 year ago +3

      Exactly my problem, everything is so over-complicated. I know more about UTMs than I do XG and I have never once studied anything to do with the UTM but I actually completed the XG course and still, I know much more about UTMs. I think soon we will be pulling the XGs out.

    • @colthenry1594
      @colthenry1594 1 year ago

      @robbieels6628 Nope - just switched to other solutions

  • @stephend3961
    @stephend3961 2 years ago +2

    Confusing as hell -- the old way was much easier to understand. Example: on decoupled NAT-FW rules, how do you know which FW entry goes with which NAT? Most of my entries don't work right.

    • @SophosSupport
      @SophosSupport 2 years ago

      Hi Stephen, you may refer to 5:30 in the video on how to check which FW rule is linked to the NAT rule.

  • @nekhely
    @nekhely 4 years ago +2

    Here's what confuses UTM users:
    1) No such thing as a linked NAT rule. In UTM we create a NAT rule and the firewall rule gets created automatically, so it's the exact opposite here. Here u create a firewall rule and a linked NAT rule shows up.
    2) In UTM, to make a DNAT, the destination in the firewall rule is set to the server itself; in XG it is set to the WAN interface. In XG it is confusing to have a firewall rule with destination zone as LAN and destination network as the WAN interface. And in UTM we don't have to set inbound and outbound interface in the DNAT rule.
    3) Using the assistant in XG, DNAT creates loopback and reflexive rules, while the woman in the video did not check both of them when she created the DNAT manually. So which is the right configuration? Should she have checked both?

    • @SophosSupport
      @SophosSupport 4 years ago +1

      When using the DNAT Server Access assistant, by default it will create the Loopback and Reflexive rules; however, it is not necessary/mandatory to configure these when doing it manually. The Loopback rule allows the internal users to access an internal server using the external interface. The reflexive rule allows the traffic server to start and be initiated from the destination zone to the source zone; in other words, it allows the server to start the traffic. Those 2 are optional rules; if using the DNAT assistant, you can delete them afterwards.

  • @rigultru
    @rigultru 2 years ago +2

    Wow, something so simple as port forwarding is a nightmare with this. Nothing about this works. The dnat does not direct external users using the public ip to private ip:port. The loopback it auto creates with the wizard also does not allow internal users to access the private ip:port using the public ip:port. I shouldn't have to click more than 3 times to create a nat rule for a simple port forward.

    • @SophosSupport
      @SophosSupport 2 years ago

      Hi Modo, I'm sorry that you're having issues with the DNAT. The wizard was created for an easy way to get DNAT configured. If it's not working for you, kindly reach out to our Support team so they can assist you - support.sophos.com

  • @double_DD
    @double_DD 4 years ago +19

    man, you made this so complicated....

    • @SophosSupport
      @SophosSupport 4 years ago

      Thanks for the comment Double DD,
      Let us know which part you found complicated, so we can keep it in mind for the future!

    • @razormix
      @razormix 4 years ago +3

      I agree. Small networks do not need this confusing complexity. I love the SG because it's simple, fast and rock solid.
      Even the latest SonicWALL OS is easier to understand than the XG.

    • @Eric-the-wise
      @Eric-the-wise 4 years ago +3

      this is why we threw all the Sophos crap in the bin and replaced everything with Palo Alto... BEST. DECISION. EVER.

  • @WizardofCOR
    @WizardofCOR 3 years ago +5

    The latest update broke my FW and NAT configuration.
    And this new "how to" is just awful - with ambiguous port examples and definitions, and super slow narration - even for IP addresses (really...?)
    This was figuratively painful to have to sit through. Even more painful is to have to reconfigure ALL FW rules and NAT entries after this update fubared 'em.
    As others have indicated, simple port forwarding shouldn't require a YouTube video dialogue that traverses multiple configuration pages and drop-down options.
    And an update shouldn't break existing functionality.
    Makes me wonder if they hired a new Product Manager from Cisco.

  • @rburn99
    @rburn99 4 years ago +13

    ease of management??? By no stretch of the imagination can this software be considered easy to manage in any context. Why would you force all users to have to deal with the complexity of a minority of advanced use cases? You've made the lowest common denominator be the upper limit of functionality. You shouldn't have to try and find a tutorial to do a simple port forwarding.

    • @SophosSupport
      @SophosSupport 4 years ago

      Thanks for your feedback, we'll forward this over to product management.

  • @anthonyanderson1260
    @anthonyanderson1260 3 years ago +1

    Can you guys please explain what "Override source translation (SNAT) for specific outbound interfaces" does in DETAIL, including use cases? Thank you

    • @SophosSupport
      @SophosSupport 3 years ago

      Hey Anthony, please check out our documentation on the topic here docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releasenotes/rn_NATRulesManage.html
      Let us know if you have any specific questions about functionality

  • @xGreg8
    @xGreg8 4 years ago +2

    The subtitles are out of sync... :(

  • @mozare3g171
    @mozare3g171 2 years ago

    I'm still getting destination service doesn't match

  • @johnmax2503
    @johnmax2503 1 year ago

    HOW can u send secondary lan subnet from port to a secondary Wan?

    • @SophosSupport
      @SophosSupport 1 year ago

      Hi there,
      For sending your 2nd Subnet to secondary WAN, please see the following links:
      1. docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/SDWANPolicyRouting/index.html#route-precedence
      2. techvids.sophos.com/watch/wa9zCk2gTKVmiekmybyux7

  • @smartinfosys4144
    @smartinfosys4144 2 years ago +1

    Migration (v17) to (v18) is the worst

  • @stephend3961
    @stephend3961 2 years ago +1

    I have to support this Atrocity, and two years later -- Sophos v18 still sucks!

  • @oliveiras.de.emerson
    @oliveiras.de.emerson 4 years ago +2

    Before it was very easy and functional, this version 18 is terrible to do nat, when nat and filter rule were together it was much better

    • @SophosSupport
      @SophosSupport 4 years ago +1

      Hi Emerson, we appreciate the feedback and will use that to better improve the functionality!

  • @Brian-nz6ns
    @Brian-nz6ns 4 years ago +2

    Either this linked NAT rule feature is really stupid, or the person describing how to set it up doesn't know what they're talking about. Maybe they just hire voice-over actors to describe networking concepts.

    • @SophosSupport
      @SophosSupport 4 years ago

      Thanks for the feedback Brian,
      Let us know how we can improve this video so we can keep it in mind for the future!

  • @eozcelik42
    @eozcelik42 3 years ago +4

    This is the worst firewall GUI and also mindset I've ever seen.

  • @mozare3g171
    @mozare3g171 2 years ago +1

    we have no time for these games