Skip to content

Port Forwarding

If you’re hosting services that you want to publicly access you will need to port-forward at the Firewall level. This guide will remain universal regardless of the ports you’re looking to open as the process is the same, it will be highlighted where certain variables need to be changed.

You will need to first login to the Sophos control panel, this can either be done via https://cloud.sophos.com or via the internal administrative IP:port configured during the setup process.

Defining Hosts

Firstly, select the ‘Hosts and services’ tab on the left hand side within the UI. From here ensure you’re under the ‘IP Host’ tab.

  • Select ‘Add’
  • Ensure the following has been completed
    • Name - ‘(VM hostname)‘
    • IP Version - ‘IPv4’
    • Type - ‘IP’
    • IP Address - ‘(Internal VM IP)‘
  • Select ‘Save’

This will allow us to use DNAT wizard within the Sophos UI.

Configuring Rules

Selct ‘Rules and policies’ on the left hand side within the UI and ensure you’re on the ‘Firewall rules’ tab.

  • Select ‘Add firewall rule’
  • Select ‘Server access assistant (DNAT)‘
  • Select the (IP HOST) we defined in the step above
  • Select ‘Next’
  • Select ‘#Port2’ from the WAN interface dropdown
  • Select ‘Add new item’ from the Services menu
  • Select your desired service to open to the internet
    • It is advised not to use ‘ANY’ and instead define your own service(s)
  • Select ‘ANY’ as the External source unless you want to restrict the IPs that can access this service
  • Select ‘Save and Finish’

You can check the service is reachable from an external network by using a port checker, if the result comes back ‘open’ everything has worked successfully.

Define Service (Optional)

Selct ‘Hosts and services’ on the left hand side within the UI and ensure you’re on the ‘Services’ tab.

  • Select ‘Add’
  • Select ‘Next’
  • Ensure the following has been completed
    • Name - ‘(Service name)‘
    • Type - ‘TCP/UDP’
    • Protocol - ‘(Select TCP / UDP as needed)‘
    • Source Port - ‘Leave unchanged’
    • Destination Port - ‘(Service port)‘
  • Select ‘Save and Finish’