This change has made me reluctant moving my clients to V18. Hope it can be more simplified. I keep coming to watch this. Also add step by step guide instead of having to watch the whole video
Deployed an Astaro device in early 2012, that became the Sophos UTM. Migrated that to a software license and deployed on our own hardware when the orange box just wasn't man enough hardware-wise. Recently migrated to an XG device. Finally you're bringing the features I had on the UTM for the past 7 years to this apparent 'upgrade'. The UTM was a far superior product in my opinion, and judging by the current state of the XG it'll be many years before the features and control I had are implemented. XG just feels like a fisher price 'my first firewall' more designed for home use than to be deployed into a corporate network.
So, as a home user, I am testing XG because it allows me to block certain things to my kid's computers and enforce access times and what not. I also like that I can view where the traffic is coming from. But holy shit, I just want to do some basic port forwarding so that I can open up my NAT type in video games. Something so simple should not be made so complicated. I've tried several guides on the forums and here, but nothing pertain to that at all. Or they straight up just don't work at all. Would love a step by step on something more simple
Exactly my problem, everything is so over-complicated. I know more about UTM's than I do XG and I have never once studied anything to do with the UTM but I actually completed the XG course and still, I know much more about UTM's. I think soon we will be pulling the XG's out
ease of management??? By no stretch of the imagination can this software be considered easy to manage in any context. Why would you force all users to have to deal with the complexity of a minority of advanced use cases? You've made the lowest common denominator be the upper limit of functionality. You shouldn't have to try and find a tutorial to do a simple port forwarding.
I agree. Small networks do not need this confusing complexity. I love the SG because it's simple, fast and rock solid. Even the latest SonicWALL OS is easier to understand than the XG.
The latest update broke my FW and NAT configuration. And this new "how to" is just awful - with ambiguous port examples and definitions, and super slow narration - even for IP addresses (really...?) This was figuratively painful to have to sit through. Even more painful is to have to reconfigure ALL FW rules and NAT entries after this update fubared 'em. As others have indicated, simple port forwarding shouldn't require a UA-cam video dialogue that traverses multiple configuration pages and drop-down options. And an update shouldn't break existing functionality. Makes me wonder if they hired a new Product Manager from Cisco.
Wow, something so simple as port forwarding is a nightmare with this. Nothing about this works. The dnat does not direct external users using the public ip to private ip:port. The loopback it auto creates with the wizard also does not allow internal users to access the private ip:port using the public ip:port. I shouldn't have to click more than 3 times to create a nat rule for a simple port forward.
Hi Modo, I'm sorry that you're having issues with the DNAT. The wizard was created for an easy way to get DNAT configured. If it's not working for you, kindly reach out to our Support team so they can assist you - support.sophos.com
Here's what confuses utm users: 1) no such thing as a linked nat rule. In utm we create nat rule and firewall rule gets created automatically so its the exact opposite here. Here u create firewall rule and a linked nat rule shows up. 2) in utm to make dnat, the destination in firewall rule is set to the server itself, in XG it is set to wan interface. In XG it is confusing to have firewall rule with destination zone as LAN and destination network as the wan interface. And in utm we dont have to set inbound and outbound interface in the dnat rule. 3) using assistant in XG dnat creates loopback and reflexive rules, while when the woman in video did not check on both of them when she created the dnat manually. So which is the right configuration? Should she have made a check on both?
When using the DNAT Server Access assistant, by default it will create the Loopback and Reflexive rule, however it is not necessary/mandatory to configure this when doing it manually, the Loopback rule, allows the internal users access an internal server using the external interface, the reflexive rule allows the traffic server to start and be initiated from the destination zone to the source zone, in other words allows the server to start the traffic. Those 2 are optional rules, if useing the DNAT assistant, you can delete them afterwards.
Confusing as hell -- the old way was much easier to understand. Example: on a decoupled NAT-FW rules, how to do you know which FW entry to with witch NAT. Most of my entries don't work right.
Hey Anthony, please check out our documentation on the topic here docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releasenotes/rn_NATRulesManage.html Let us know if you have any specific questions about functionality
Hi there, For sending your 2nd Subnet to secondary WAN, please see the following links: 1. docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/SDWANPolicyRouting/index.html#route-precedence 2. techvids.sophos.com/watch/wa9zCk2gTKVmiekmybyux7
Either this linked NAT rule feature is really stupid, or the person describing how to set it up doesn't know what they're talking about. Maybe they just hire voice-over actors to describe networking concepts.
This change has made me reluctant moving my clients to V18. Hope it can be more simplified. I keep coming to watch this. Also add step by step guide instead of having to watch the whole video
Thanks for your feedback, we'll forward this over to product management.
Deployed an Astaro device in early 2012, that became the Sophos UTM. Migrated that to a software license and deployed on our own hardware when the orange box just wasn't man enough hardware-wise. Recently migrated to an XG device. Finally you're bringing the features I had on the UTM for the past 7 years to this apparent 'upgrade'. The UTM was a far superior product in my opinion, and judging by the current state of the XG it'll be many years before the features and control I had are implemented. XG just feels like a fisher price 'my first firewall' more designed for home use than to be deployed into a corporate network.
Thanks for your feedback, we'll forward this over to product management.
So, as a home user, I am testing XG because it allows me to block certain things to my kid's computers and enforce access times and what not. I also like that I can view where the traffic is coming from. But holy shit, I just want to do some basic port forwarding so that I can open up my NAT type in video games. Something so simple should not be made so complicated. I've tried several guides on the forums and here, but nothing pertain to that at all. Or they straight up just don't work at all. Would love a step by step on something more simple
Did you get a solution?
Exactly my problem, everything is so over-complicated. I know more about UTM's than I do XG and I have never once studied anything to do with the UTM but I actually completed the XG course and still, I know much more about UTM's. I think soon we will be pulling the XG's out
@@robbieels6628 Nope - just switched to other solutions
ease of management??? By no stretch of the imagination can this software be considered easy to manage in any context. Why would you force all users to have to deal with the complexity of a minority of advanced use cases? You've made the lowest common denominator be the upper limit of functionality. You shouldn't have to try and find a tutorial to do a simple port forwarding.
Thanks for your feedback, we'll forward this over to product management.
man, you made this so complicated....
Thanks for the comment Double DD,
Let us know which part you found complicated, so we can keep it in mind for the future!
I agree. Small networks do not need this confusing complexity. I love the SG because it's simple, fast and rock solid.
Even the latest SonicWALL OS is easier to understand than the XG.
this is why we threw all the Sophos crap in the bin and replaced everything with Palo Alto... BEST. DECISION. EVER.
The latest update broke my FW and NAT configuration.
And this new "how to" is just awful - with ambiguous port examples and definitions, and super slow narration - even for IP addresses (really...?)
This was figuratively painful to have to sit through. Even more painful is to have to reconfigure ALL FW rules and NAT entries after this update fubared 'em.
As others have indicated, simple port forwarding shouldn't require a UA-cam video dialogue that traverses multiple configuration pages and drop-down options.
And an update shouldn't break existing functionality.
Makes me wonder if they hired a new Product Manager from Cisco.
Wow, something so simple as port forwarding is a nightmare with this. Nothing about this works. The dnat does not direct external users using the public ip to private ip:port. The loopback it auto creates with the wizard also does not allow internal users to access the private ip:port using the public ip:port. I shouldn't have to click more than 3 times to create a nat rule for a simple port forward.
Hi Modo, I'm sorry that you're having issues with the DNAT. The wizard was created for an easy way to get DNAT configured. If it's not working for you, kindly reach out to our Support team so they can assist you - support.sophos.com
Here's what confuses utm users:
1) no such thing as a linked nat rule. In utm we create nat rule and firewall rule gets created automatically so its the exact opposite here. Here u create firewall rule and a linked nat rule shows up.
2) in utm to make dnat, the destination in firewall rule is set to the server itself, in XG it is set to wan interface. In XG it is confusing to have firewall rule with destination zone as LAN and destination network as the wan interface. And in utm we dont have to set inbound and outbound interface in the dnat rule.
3) using assistant in XG dnat creates loopback and reflexive rules, while when the woman in video did not check on both of them when she created the dnat manually. So which is the right configuration? Should she have made a check on both?
When using the DNAT Server Access assistant, by default it will create the Loopback and Reflexive rule, however it is not necessary/mandatory to configure this when doing it manually, the Loopback rule, allows the internal users access an internal server using the external interface, the reflexive rule allows the traffic server to start and be initiated from the destination zone to the source zone, in other words allows the server to start the traffic. Those 2 are optional rules, if useing the DNAT assistant, you can delete them afterwards.
Confusing as hell -- the old way was much easier to understand. Example: on a decoupled NAT-FW rules, how to do you know which FW entry to with witch NAT. Most of my entries don't work right.
Hi Stephen, You may refer to 5:30 in the video on how to check which FW rule is link to the NAT Rule
Can you guys please explain "Override source translation (SNAT) for specific outbound interfaces" does in DETAIL, including use cases? Thank you
Hey Anthony, please check out our documentation on the topic here docs.sophos.com/nsg/sophos-firewall/18.0/releasenotes/en-us/nsg/sfos/releasenotes/rn_NATRulesManage.html
Let us know if you have any specific questions about functionality
The subtitles are out of sync... :(
Migration (v17) to (v18) is worst
I'm still getting destination service doesn't match
HOW can u send secondary lan subnet from port to a secondary Wan?
Hi there,
For sending your 2nd Subnet to secondary WAN, please see the following links:
1. docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Routing/SDWANPolicyRouting/index.html#route-precedence
2. techvids.sophos.com/watch/wa9zCk2gTKVmiekmybyux7
Before it was very easy and functional, this version 18 is terrible to do nat, when nat and filter rule were together it was much better
Hi Emerson, we appreciate the feedback and will use that to better improve the functionality!
I have to support this Atrocity, and two years later -- Sophos v18 still sucks!
Either this linked NAT rule feature is really stupid, or the person describing how to set it up doesn't know what they're talking about. Maybe they just hire voice-over actors to describe networking concepts.
Thanks for the feedback Brian,
Let us know how we can improve this video so we can keep it in mind for the future!
This is the worst firewall gui and also mindset Ive ever seen.
Sorry to hear!
we have no time for this games