How to enable access to an internal Jabber or iChat Server in Astaro Security Gateway

  • Article ID: 115907
  • Rating:
  • 1 customers rated this article 1.0 out of 6
  • Updated: 24 May 2012

Jabber is an open standard that provides real-time online communication such as instant messaging.

iChat Server is an implementation of Jabber.

This document describes how to enable access to your Jabber or iChat Server.

Known to apply to the following Sophos product(s) and version(s)

Not product specific

Operating systems
V7, V8

What To Do

1 Create Service Definitions

To create the Service Definitions, navigate to WebAdmin | Definitions | Services | New Definition:

New Definition Name = iChat / AOL IM Service

Destination Port = 5190
Type of Definition= TCP/UDP

New Definition Name = Jabber Service

Destination Port = 5222
Type of Definition= TCP
Save New Definition
Name = XMPP Service
Destination Port = 5269
Type of Definition=TCP

New Definition Name = SNATMAP Service

Destination Port = 678
Type of Definition = UDP

New Definition Name = iChat File Txfr Service

Destination Port = 7777
Type of Definition = TCP

New Definition Name = RDP Service

Destination Port = 16384-16403
Type of Definition = UDP

2. Create Service Group Definition 

New Definition

Name = Jabber / iChate Services Group
Type of Definition = Service Group
Drag in Jabber Service; XMPP Service; SNATMAP Service; iChat File Txfr Service; RDP Service; SIP
Save Create Host Definition

To create the Host Definitions, navigate to 

WebAdmin | Definitions | Hosts | New Definition:

Name = Jabber / iChat Server Host
Type of Definition = Host
Address = Internal IP Address of Jabber / iChat Server

3. Create DNAT rule

WebAdmin | Network Security | NAT | New NAT Rule
Name -Jabber / iChat 

Source = Any

Service = Jabber / iChat Services Group

Destination = External WAN (Address)

Type of Definition = DNAT

Destination = Jabber /iChat Server Host

Enable DNAT rule

You should now be able to connect to your internal Jabber or iChat Server from the internet.

If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent