  • I'm having some trouble with plex being indirect from outside my network when Packet filtering is enabled. Currently my network is as follows:

    Internet > Sophos XG (Edge Firewall) > PFSense (handles internal routing) > Multi-vlans

    If packet filtering is off on pfsense plex is perfectly fine however if it is turned on plex becomes indirect even with adding in the advanced custom section. The routing at present goes as follows:

    plex > pfsense (internal interface > sophos xg (internal interface) > internet (via sophos wan interface).

    The pfsense wan interface is not in use here and the pfsense gateway is set to use sophos xg. At present i haven't been able to figure out what else i need to do to get plex to not be indirect. I had the same issue even when just using pfsense as the edge firewall and adding to unbound.


  • Hi,

    I assume you're connected to your ISP via a router?

    plex > pfsense (internal interface > sophos xg (internal interface) > internet (via sophos wan interface) - <router here or modem???>).

    Which make and model is your router or are you using a modem?


    Sorry, I missed you're Sophos XG (Edge Firewall) - looks like you have a double NAT issue - (if not triple NAT (if that's possible) if you are also using a router with NAT).

    I had this issue as I couldn't turn NAT on my router off. Replaced router with a modem to resolve my issue. This may be helpful:

    Good luck!</router>

  • I've got a comcast business modem where I have put the Sophos XG WAN interface in the DMZ and everything works just fine when packet filtering is turned off on the pfsense side. The goal is to use pfsense to isolate/route between the different vlans and have sophos maintain the firewall aspect.

    I have gone through that and haven't had success even with pfsense as the Edge and in the DMZ of the comcast modem the problem persisted. From what I can tell I don't see a NAT issue (Sophos XG is handling correctly, and PFsense does not have NAT enabled) but are there other areas in PFSense I can check for that?

    –-Topology Update---

    Comcast modem <> Sophos XG (Edge Firewall. This is listed in the Comcast Modem DMZ) <> PFSense (Handles vlans and inter-vlan routing. Currently has both packet filtering and nat disabled which is causing the vlans to be able to speak to each either versus follow the rules that are in place.) <> Various vlans.

