A new feature in UTM v9 allows you to create 1:1 NAT rules. 1:1 NAT allows the UTM to forward traffic destined for any host on a particular network to a corresponding host on a different network. Please follow the steps below to create such a rule.
Known to apply to the following Sophos product(s) and version(s)
Sophos UTM v9
What To Do
- Go to Network Protection | NAT | New NAT rule.
- Select Rule Type: 1:1 NAT (Whole Network).
- Select the matching conditions:
  - For traffic from: select the source network or range that this rule applies to.
  - Using Service: select a service to which the rule should match.
  - Going to: select the destination network or range that this rule applies to.
- Now select the Action:
  - 1:1 NAT mode: Destination or Source Mapping (for changing the destination or source IP)
  - Map to: Select the network you want to translate the original IP addresses into
- Activate 'Automatic Firewall rule' to create the corresponding packet filter rule automatically. Otherwise, you have to create that rule manually.
The subnet mask of the networks "For traffic from" and "Map to" must be the same. For example, it is not possible to map a /16 mask network to a /24 mask network. Also, you must add an entire network into the 'For traffic from' field when you want to map the source, or into the 'Going to' field when you want to map the destination.
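To check in advance which address a host will have after translation (useful when writing the manual firewall rule or when correlating logs from either side of the UTM), the mapping can be computed offline. The following Python sketch is an added example, not Sophos code; the function name and sample networks are constructed for illustration, and it assumes the host part of the address is carried over unchanged into the "Map to" network.

```python
import ipaddress


def map_one_to_one(addr, original_net, map_to_net):
    """Return the address `addr` is translated to by a whole-network 1:1 mapping.

    original_net: the 'For traffic from' network (source mapping) or the
                  'Going to' network (destination mapping).
    map_to_net:   the 'Map to' network.
    Returns None when `addr` is outside original_net (the rule does not match).
    Assumption: the host offset inside the network is preserved.
    """
    # strict=True rejects values with host bits set, e.g. 192.168.10.5/24,
    # mirroring the requirement that an entire network is entered.
    orig = ipaddress.ip_network(original_net, strict=True)
    target = ipaddress.ip_network(map_to_net, strict=True)
    ip = ipaddress.ip_address(addr)

    if orig.version != target.version:
        raise ValueError("both networks must be the same IP version")
    if orig.prefixlen != target.prefixlen:
        # e.g. a /16 cannot be mapped onto a /24
        raise ValueError(
            f"mask mismatch: /{orig.prefixlen} cannot map to /{target.prefixlen}"
        )
    if ip not in orig:
        return None

    # Keep the host offset, swap the network part.
    offset = int(ip) - int(orig.network_address)
    return target.network_address + offset


if __name__ == "__main__":
    # Constructed sample networks, not taken from any real deployment.
    print(map_one_to_one("192.168.10.57", "192.168.10.0/24", "10.20.30.0/24"))
    print(map_one_to_one("172.16.6.9", "172.16.4.0/22", "10.0.8.0/22"))
    try:
        map_one_to_one("10.1.2.3", "10.1.0.0/16", "192.168.5.0/24")
    except ValueError as exc:
        print("rejected:", exc)
```

Calling the function with the two networks swapped gives the reverse lookup, from a translated address seen in a log back to the original host.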