
I suggest you ...

Allow multiple networks for Masquerade Rules

We have dozens of RED devices. Adding individual NAT Masquerade Rules is very tedious when you can only select a SINGLE source object per rule. Would be nice to have a single Masquerade rule with multiple sources so I could just add a new Network definition to the existing rule.

3 votes
    Josh Barron shared this idea

    1 comment

      • Alan Toews (Admin, Sophos Features & Ideas Laboratory) commented

        This is already possible by either using a group definition in the NAT rule, or using "Any" as the source network. In this case, Any is quite safe to use, so long as you are restricting any traffic you don't want to allow outbound with firewall rules. Using Any as the source network just means that any packet that is allowed to pass through the interface will be masqueraded.

        There are some cases where adding just specific hosts or networks to the masq rule would be useful, though, so this is still a useful idea. While not necessary, it would simplify rule management a little in these cases.
