Sophos XG: port forwarding rule


In this tutorial, we are going to create an inbound traffic rule that forwards a specific port (443).

This type of rule is used to:

  • Publish a web server
  • Receive inbound SMTP
  • Publish POP / IMAP

This tutorial applies to versions <= 17 of the Sophos XG firewall.


Before you start creating the rule, you must add the host to the firewall.

If the service uses a non-standard port, you must also add the service on the firewall.

To publish a website, it is possible to use a WAF (reverse proxy) rule instead. Likewise, if you want to publish an SMTP server, it is recommended to use Email Servers (SMTP) to take advantage of the protection.

Create an Inbound Rule

1. From the web interface, go to Firewall (1), then click on Add firewall rule (2) and choose Business application rule (3).

Add rule

2. In Application model, choose DNAT / Full NAT / Load Balancing (1).

Rule model

3. Configure the rule with the following elements:

(1) Name the rule
(2) Source: WAN
(3) Source port/IP
(4) Services (ports)
(5) Destination servers
(6) Server zone (LAN/DMZ…)
(7) Check the box to log traffic
(8) Click on Save.
Rule config

4. The rule is added (1).

sophos xg port forwarding - rule added
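
One way to check the result after step 4, as an added example that is not part of the original tutorial: run from a host outside the firewall, it confirms that the forwarded port (443) answers on the WAN address and that ports you did not forward do not. The address 203.0.113.10 and the list of ports that must stay closed are placeholder assumptions.

```python
import socket

def probe(host, port, timeout=2.0):
    """Classify a TCP port: 'open', 'refused' (RST came back) or 'filtered' (no answer)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # timeout or network error: no answer came back
        return "filtered"

def audit_forwarding(wan_ip, forwarded, must_stay_closed, timeout=2.0):
    """Compare what answers on the WAN address with what the rule is meant to expose.

    Returns a list of (port, state, finding); an empty list means exposure matches intent.
    """
    findings = []
    for port in sorted(forwarded):
        state = probe(wan_ip, port, timeout)
        if state != "open":
            findings.append((port, state, "forwarded port is not reachable"))
    for port in sorted(must_stay_closed):
        state = probe(wan_ip, port, timeout)
        if state == "open":
            findings.append((port, state, "reachable from WAN but not meant to be forwarded"))
    return findings

if __name__ == "__main__":
    # Assumed values: 203.0.113.10 is a documentation address standing in for
    # your WAN IP; the closed-port list is a sample, adjust it to your network.
    wan_ip = "203.0.113.10"
    problems = audit_forwarding(wan_ip, forwarded={443}, must_stay_closed={22, 25, 80, 3389})
    for port, state, finding in problems:
        print(f"{wan_ip}:{port} [{state}] {finding}")
    print("exposure matches the rule" if not problems else f"{len(problems)} finding(s)")
```

A 'refused' state on the forwarded port means something answered with a reset, while 'filtered' means the connection attempt got no reply at all.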
