I have a Sophos Firewall XG115 with firmware revision 19.5.

I am trying to open ports associated with a LAN host, using the DNAT assistant. There is a range of ports to be opened, ports 40,000 to 60,000. These ports should be open to the internet.

I have created a service with TCP ports 1:65535 (source) 40000:60000 (Destin. port)

Then I created a NAT rule:

Inbound DNAT: Traffic destined to public IP address (the IP Address) translated to internal server IP address 192.168.10.202

Outbound NAT (SNAT): Masquerades outbound traffic from internal server 192.168.10.202 to public IP Address (the IP Address)

Loopback NAT: Internal network uses the same public IP address (the IP Address) to access the internal server 192.168.10.202

And creates a firewall rule allowing access to 192.168.10.202 from any outside internet.

But this does not work. These ports are shown as closed.

However, if I use the same rule to open individual ports, it works.


Source port (1:65535) to destination port (40000)

this will work

but it just stops working when you do the range with destination port (40000:60000)?

I would check the NAT rules. Are any of them translating the destination or source port on the NAT rule? You’ll want to make sure there are no translations there, you want to keep the original ports.

My second thought, though less likely: maybe there’s a hidden logical limitation in the port range of like 1024 ports or something. Does a range of (40000:40001) work? How about (40000:40999)? I’d test smaller and broader ranges to see if I can find a limitation there. I’d start with 2 to see if ANY ranges are working.

Here is a link that I think will take care of what you are asking… something I just ran across…

https://support.sophos.com/support/s/article/KB-000035604?language=en_US

Hope this helps you out…