Sophos Central Endpoint and SEC: Computers fail/hang on boot after the Microsoft Windows April 9, 2019 update. Please follow knowledge base article 133945
Learn about the Benefits of Multi-Factor Authentication (MFA). Turn your MFA on now!
We'd love to hear about it! Click here to go to the product suggestion community
here is my topology (Hyper-V).
Internal (192.168.88.0/24) -----------------------UTM-------------External (router)-----------Internet
External (WAN)[Up]on eth1[192.168.7.104/24]MTU 1500 · DEFAULT GW 192.168.7.1Added by installation wizard
Internal[Up]on eth0[192.168.88.1/24]MTU 1500Auto-created on installation
There is no traffic going through the UTM. I can ping it and web access it from a LAN PC, however, there is no traffic going through it. The traffic is not hitting the UTM, I even enabled traceroute/icmp on UTM and tried tracert and it times out with *.
When I check the traffic monitor (internal in), I can see pings when I ping 192.168.88.1, however, there is no info when I try to ping the Internet or web access anything (DNS fails stragith away).
Am I missing something obvious? The DG on the PC points to 192.168.88.1 but no traffic.
please post the output from "route print".
looks like your traffic try to go other ways...
are you able to ping 192.168.7.1 from UTM? (support -> tools -> Ping check)
In reply to dirkkotte:
I can ping the Internet from the UTM, no problem.
PING 126.96.36.199 (188.8.131.52) 56(84) bytes of data.64 bytes from 184.108.40.206: icmp_seq=1 ttl=121 time=72.1 ms64 bytes from 220.127.116.11: icmp_seq=2 ttl=121 time=81.0 ms64 bytes from 18.104.22.168: icmp_seq=3 ttl=121 time=55.5 ms64 bytes from 22.214.171.124: icmp_seq=4 ttl=121 time=94.0 ms64 bytes from 126.96.36.199: icmp_seq=5 ttl=121 time=83.0 ms
The problem is that from a local PC (192.168.88.x) - I can web access the UTM and ping it, but when I try to access antything else, seems that UTM ignores all that traffic. I tried from a physical laptop - the same problem - I can web access the UTM but anything that is supposed to go through the UTM - does not reach it or gets dropped.
it literally behaves like there was an incorrect default gateway on the PC.
I did configure it as 192.168.88.1 on PCs.
In reply to Mmm M:
try route print ...
seen incorrect static routes (or routes learned by ICMP-redirect) already.
Also a router configured with proxy-arp may by the cause.
You may use ssh to the UTM an check incomming traffic with tcpdump
You mean a routing table on the PC? I did check that, it looks good:
IPv4 Route Table===========================================================================Active Routes:Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.88.1 192.168.88.44 281 127.0.0.0 255.0.0.0 On-link 127.0.0.1 331 127.0.0.1 255.255.255.255 On-link 127.0.0.1 331 127.255.255.255 255.255.255.255 On-link 127.0.0.1 331 192.168.88.0 255.255.255.0 On-link 192.168.88.44 281 192.168.88.44 255.255.255.255 On-link 192.168.88.44 281 192.168.88.255 255.255.255.255 On-link 192.168.88.44 281 188.8.131.52 240.0.0.0 On-link 127.0.0.1 331 184.108.40.206 240.0.0.0 On-link 192.168.88.44 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 331 255.255.255.255 255.255.255.255 On-link 192.168.88.44 281===========================================================================Persistent Routes: Network Address Netmask Gateway Address Metric 0.0.0.0 0.0.0.0 192.168.88.1 Default===========================================================================
Proxy-arp... There is no router on 192.168.88.0, I did that on purpose to make sure this is a unique subnet.
Whats more - I can https to the UTM from that PC no problems :/
Looks like a Hyper-V issue... installed with VirtualBox.