Sophos XG D-NAT Configuration for Secondary ISP

From Notes_Wiki

Configure D-NAT Policies for the Secondary ISP

Open Firewall Rules Section

  1. Navigate to the top menu and go to: Rules and Policies > Firewall Rules.

Add New D-NAT Rule

  1. Click on the Add Firewall Rule button.
  2. From the list of options, select Server Assistant (D-NAT).

Enter Internal Server IP

  1. In the Server Details window, enter the Private IP address of the internal server that needs to be accessed from outside.
  2. Click on Next.

Choose Public IP (from ISP)

  1. In the Public IP Assignment section, select the appropriate Public IP address from the ISP through which the server should be accessible.
  2. Click on Next.

(Optional) Select Required Services

  1. If needed, select specific Services (e.g., HTTP, HTTPS, RDP).
  2. Click on Next.

Define External Source Access

  1. In the Source Access screen, select ANY under External Source Networks and Devices to allow traffic from any public source.
  2. Click on Next.

Review and Save Configuration

  1. On the Review Summary page, cross-verify all the entered details.
  2. Click on Save and Finish.

Verify Rule Creation

  1. After saving, go to:
    1. Rules and Policies > Firewall Rules to confirm the new rule.
    2. Rules and Policies > NAT Rules to verify that the corresponding D-NAT rule has been created.

Validation

  1. The configured server should now be accessible:
    1. Internally (from the local network)
    2. Externally (from the internet via the selected ISP public IP)
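
One way to script the external check, as an added example that is not part of the original wiki page: it confirms that the services selected in the wizard answer on the ISP public IP and that ports you did not publish stay closed. The address 203.0.113.10 and both port sets are placeholders, and the function names are hypothetical; run it from a host on the internet side of the firewall.

```python
import socket


def tcp_reachable(host, port, timeout=3.0):
    """Return True if a TCP handshake to host:port completes within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, filtered (timeout) or unroutable all count as not reachable.
        return False


def audit_dnat(public_ip, published, not_published, timeout=3.0):
    """Compare what answers on the public IP with what the D-NAT rule should expose.

    published:     ports chosen in the "Select Required Services" step
    not_published: ports that must not answer from the internet
    Returns a list of (port, finding) tuples; an empty list means the
    rule behaves as intended.
    """
    findings = []
    for port in sorted(published):
        if not tcp_reachable(public_ip, port, timeout):
            findings.append((port, "published but unreachable"))
    for port in sorted(not_published):
        if tcp_reachable(public_ip, port, timeout):
            findings.append((port, "reachable but not published"))
    return findings


if __name__ == "__main__":
    # Placeholder values (assumptions): substitute the secondary ISP public IP
    # selected in the wizard and the services you actually published.
    PUBLIC_IP = "203.0.113.10"
    PUBLISHED = {443}
    NOT_PUBLISHED = {22, 445, 3389}

    results = audit_dnat(PUBLIC_IP, PUBLISHED, NOT_PUBLISHED)
    for port, finding in results:
        print(f"{PUBLIC_IP}:{port} {finding}")
    if not results:
        print("D-NAT exposure matches the intended service list")
```

A "reachable but not published" finding means the rule forwards more than intended; revisit the services and source selections in the firewall rule.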
