Sophos V18 - Firewall and NAT rules

  • Published 19 Sep 2024

COMMENTS • 33

  • @renjithknair7724 4 years ago +2

    Hoping for more videos on SFOS V18, waiting for that. Thank you

  • @canadianwildlifeservice8883

    Original Destination being the WAN port actually makes sense since everything going to your firewall will be "destined" to your WAN port since private IP addresses (the LAN) are not routable over the internet. Therefore NAT translation always occurs with IPv4.

  • @danpowell7421 3 years ago

    Hey Mike,
    This video is awesome - Very clear and makes perfect sense.
    Thanks for sharing

    • @MikeFaucher 3 years ago

      Great to hear and thanks for the feedback.

  • @michaelschmidt61 3 years ago +1

    Hello Mike, thank you very much for this excellent tutorial. Hoping to see more of your videos. Michael Schmidt

    • @MikeFaucher 3 years ago

      Thanks for the feedback. Let me know which topics you would like to see.

    • @michaelschmidt61 3 years ago

      @MikeFaucher Hello Mike, I started working with a firewall on my network for the first time. So my questions are very diverse, for example an introduction to the creation of users, the connecting to my devices. I don't have any network ads on my admin workspace. A link to an existing video would help too. Best wishes, Michael

    • @MikeFaucher 3 years ago

      @michaelschmidt61 Thanks for the feedback and I will post if I come up with anything.

  • @robbetto9776 2 years ago

    Thanks for the video, can you please tell me if it is mandatory to link a nat rule to a firewall policy? Is there a best practice? Thanks

    • @MikeFaucher 2 years ago +1

      If you only have one internet provider, it is best and easiest to use one default NAT rule and not create a linked rule. The only exceptions are things like port forwarding. In my situation, I have only one NAT rule that handles all outgoing traffic from my LANs and VLANs.

  • @reinaldoremedios5771 3 years ago

    Hey Mike, great video. However, there is something that I have not been able to find in any video for Sophos, which is how to configure Port Forwarding for a TCP or UDP port range. I am not referring to one port or a list of single ports, but to a port range, e.g. 10000-20000. Is that possible with Sophos XG v.18?

    • @MikeFaucher 3 years ago +1

      Thanks for the feedback. Yes it is possible. You can just create a new service (under host and services) with a UDP protocol, Source port would be the same 1:65535, and the destination port would be 10000:20000 and save it. Then just call out the service like I did in the example but since the service is a range, it will use the ranges. Hope that helps.

  • @stephend3961 2 years ago

    Unless the Firewall rule and NAT rule are linked together, I still don't see or understand how to determine which rules are working together. How does the Firewall rule know which NAT rule to use, or which NAT rule and which Firewall rule go together? Very confusing.

    • @MikeFaucher 2 years ago

      If you look at the video, I created one default NAT rule. If no linked rule is created then it uses the default rule.

  • @mthurtell 3 years ago

    Hi Mike,
    Excellent video. Very helpful indeed - the port forwarding is not very intuitive but makes perfect sense.
    Got a question regarding redirecting ports.
    Say I want to redirect Port 8000 to 8000, and port 8001 -> 80.
    TCP (8000) / (8000), TCP (8001) / (80)
    However if I change the source port to 1:65535 - it sends it straight on through - but obviously without the redirect.

    • @MikeFaucher 3 years ago

      Thank you. In addition to the firewall rule, you need a custom NAT rule. The process is basically the same as shown in the video except the NAT rule's original service would be defined as port 80, and the translated services would be 8000/8001. My video shows the same port (service) on the original and translated but it does not have to be that way. Hope that helps. BTW, not sure what the application is but it appears it may be cameras and if so I would suggest not putting them on port 80. Good luck.

  • @BrownsvilleNotification 1 year ago

    On your port forward rule, isn't #Port2 your WAN port, I don't understand how LAN and Port2 would be associated as the destination.

    • @MikeFaucher 1 year ago +1

      This is for the return. When something comes in to the internet, the destination is port #2 WAN, which in turn gets forwarded to a LAN port.

    • @BrownsvilleNotification 1 year ago

      @MikeFaucher Ohh I see, thanks. I would have put Port 1 thinking the source would be from Port 2 but that makes sense.

  • @mystic8607 3 years ago

    Excellent, thank you for this.

    • @MikeFaucher 3 years ago

      Glad it was helpful! I have another coming soon.

  • @michaelschmidt61 3 years ago

    Hello, Mike, I would like to learn something about creating users and linking clients to the Sophos firewall.

    • @MikeFaucher 3 years ago

      Thanks. I will add it to my list of features to cover. Thanks.

  • @johnoyando9087 3 years ago

    How are you Mike, my firewall just upgraded to v18, was trying to create a new rule to allow Alcohol and tobacco websites on my firewall but am not. Could you kindly take me through this

    • @MikeFaucher 3 years ago

      The blocks are coming from your web filtering. Go to the web filter you have assigned to your default rule and edit the categories to remove the block (if it exists) or to add the categories allow. If you refer to my older video (ua-cam.com/video/XhZLAHJzqlw/v-deo.html) it covers web filtering. It is for version 17 but the process is basically the same. Hope that helps.

  • @Thoxik091 3 years ago

    Very useful, thanks a lot !

    • @MikeFaucher 3 years ago

      Thank you for the feedback. I appreciate it.

  • @journeyamigos3242 4 years ago

    Excellent !!

  • @renjithknair7724 4 years ago +1

    Today I just migrated my v17 to v18

    • @MikeFaucher 4 years ago

      Awesome, let us know how it goes and good luck.