Sophos V18 - Firewall and NAT rules

  Views: 16,600

Mike Faucher


Comments: 33
@renjithknair7724 4 years ago
Hoping for more videos on SFOS V18, waiting for that. Thank you.
@MikeFaucher 4 years ago
Thank you for the feedback.
@danpowell7421 3 years ago
Hey Mike, This video is awesome - Very clear and makes perfect sense. Thanks for sharing
@MikeFaucher 3 years ago
Great to hear and thanks for the feedback.
@canadianwildlifeservice8883 A year ago
Original Destination being the WAN port actually makes sense since everything going to your firewall will be "destined" to your WAN port since private IP addresses (the LAN) are not routable over the internet. Therefore NAT translation always occurs with IPv4.
@MikeFaucher A year ago
Thanks for your input.
@michaelschmidt61 3 years ago
Hello, Mike, I would like to learn something about creating users and linking clients to the Sophos firewall.
@MikeFaucher 3 years ago
Thanks. I will add it to my list of features to cover. Thanks.
@robbetto9776 2 years ago
Thanks for the video. Can you please tell me if it is mandatory to link a NAT rule to a firewall policy? Is there a best practice? Thanks
@MikeFaucher 2 years ago
If you only have one internet provider, it is best and easiest to use one default NAT rule and not create a linked rule. The only exceptions are things like port forwarding. In my situation, I have only one NAT rule that handles all outgoing traffic from my LANs and VLANs.
@reinaldoremedios5771 3 years ago
Hey Mike, great video. However, there is something that I have not been able to find in any video for Sophos, which is how to configure Port Forwarding for a TCP or UDP port range. I am not referring to one port or a list of single ports, but to a port range, e.g. 10000-20000. Is that possible with Sophos XG v.18?
@MikeFaucher 3 years ago
Thanks for the feedback. Yes, it is possible. You can just create a new service (under host and services) with a UDP protocol, Source port would be the same 1:65535, and the destination port would be 10000:20000 and save it. Then just call out the service like I did in the example, but since the service is a range, it will use the ranges. Hope that helps.
@stephend3961 2 years ago
Unless the Firewall rule and NAT rule are linked together, I still don't see or understand how to determine which rules are working together. How does the Firewall rule know which NAT rule to use, or which NAT rule and which Firewall rule go together? Very confusing.
@MikeFaucher 2 years ago
If you look at the video, I created one default NAT rule. If no linked rule is created, then it uses the default rule.
@michaelschmidt61 3 years ago
Hello Mike, thank you very much for this excellent tutorial. Hoping to see more of your videos. Michael Schmidt
@MikeFaucher 3 years ago
Thanks for the feedback. Let me know which topics you would like to see.
@michaelschmidt61 3 years ago
@MikeFaucher Hello Mike, I started working with a firewall on my network for the first time. So my questions are very diverse, for example an introduction to the creation of users, the connecting to my devices. I don't have any network ads on my admin workspace. A link to an existing video would help too. Best wishes, Michael
@MikeFaucher 3 years ago
@michaelschmidt61 Thanks for the feedback and I will post if I come up with anything.
@BrownsvilleNotification A year ago
On your port forward rule, isn't #Port2 your WAN port? I don't understand how LAN and Port2 would be associated as the destination.
@MikeFaucher A year ago
This is for the return. When something comes in to the internet, the destination is port #2 WAN, which in turn gets forwarded to a LAN port.
@BrownsvilleNotification A year ago
@MikeFaucher Oh, I see, thanks. I would have put Port 1, thinking the source would be from Port 2, but that makes sense.
@mthurtell 3 years ago
Hi Mike, Excellent video. Very helpful indeed - the port forwarding is not very intuitive but makes perfect sense. Got a question regarding redirecting ports. Say I want to redirect Port 8000 to 8000, and port 8001 -> 80. TCP (8000) / (8000), TCP (8001) / (80) However if I change the source port to 1:65535 - it sends it straight on through - but obviously without the redirect.
@MikeFaucher 3 years ago
Thank you. In addition to the firewall rule, you need a custom NAT rule. The process is basically the same as shown in the video except the NAT rule's original service would be defined as port 80, and the translated services would be 8000/8001. My video shows the same port (service) on the original and translated, but it does not have to be that way. Hope that helps. BTW, not sure what the application is, but it appears it may be cameras, and if so I would suggest not putting them on port 80. Good luck.
@johnoyando9087 3 years ago
How are you, Mike? My firewall just upgraded to v18. I was trying to create a new rule to allow alcohol and tobacco websites on my firewall but am not. Could you kindly take me through this?
@MikeFaucher 3 years ago
The blocks are coming from your web filtering. Go to the web filter you have assigned to your default rule and edit the categories to remove the block (if it exists) or to add the categories allow. If you refer to my older video (kzbin.info/www/bejne/jpm9fXR-f9-kotk), it covers web filtering. It is for version 17 but the process is basically the same. Hope that helps.
@mystic8607 4 years ago
Excellent, thank you for this.
@MikeFaucher 4 years ago
Glad it was helpful! I have another coming soon.
@Thoxik091 3 years ago
Very useful, thanks a lot !
@MikeFaucher 3 years ago
Thank you for the feedback. I appreciate it.
@journeyamigos3242 4 years ago
Excellent !!
@MikeFaucher 4 years ago
Thank you for the feedback.
@renjithknair7724 4 years ago
Today I just migrated my v17 to v18
@MikeFaucher 4 years ago
Awesome, let us know how it goes and good luck.