Sophos XG Port Forwarding

sophos Nov 12, 2020

Coming from the Sophos UTM the XG looks alot more modern and uses a more modern terminology when it comes to firewall rules, natting and port forwarding.

To Create a port forward firewall rule with a linked NAT is very simple.

Create a Port/Service Group first

Hosts & Services > Services

  1. Add
  2. Enter a Name eg Sonos Ports
  3. Type = TCP/UDP
  4. Protocol = either udp or tcp.
  5. Source Port = Generally i leave it on 1:65535 or you could specify a strict port i.e. 443 for HTTPS
  6. Destination Port = The port for the Internal Server i.e. 443

Rules & Policies > Firewall Rules

  1. Add Firewall Rule > Server access assistant (DNAT)
  2. Internal Server IP = Select your Server IP or Hostname
  3. Public IP = Select your WAN Port
  4. Services = The Ports you wish to forward to the Internal Server that we created earlier
  5. This will automatically generate 3 NAT rules and a Firewall Rule


Great! You've successfully subscribed.
Great! Next, complete checkout for full access.
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.