I'm trying to build my first solution with BGP and I'm a bit sad … some things don't work.
Sophos XG as gateway firewall.
2 BGP partners .. 2 public networks to announce, and 20 VLANs with private networks behind the XG.
What is working …
I got BGP working; I created some DNAT rules to bring the traffic from the local network into the Internet.
What doesn't work.
I cannot register the Sophos XG .. because it has no WAN interface. ( ? )
I have built everything as LAN interfaces .. the 2 BGP interfaces and the "real" LAN interface.
If I want to register, the Sophos says .. "Register Server is not reachable".
I also cannot ping a host on the Internet from Diagnostics of the XG.
From a client with a private IP that goes over the DNAT rule .. everything works fine with Internet and ping.
I think there is a basic "Default Route" missing .. but how can I set a default route with BGP, because I have no WAN interface and only
2 virtual networks with public IPs.
Is it necessary to set one of the physical interfaces with an IP from the public pool?
My public pool is 195.37.XX.0/23 ..
My old Cisco router had the IP 195.37.XX.1 on one interface, and our Layer 3 switch which terminated the VLANs had this IP as the default route.
Now I want to terminate all VLANs on the Sophos XG .. (it works) but how can I bring the public network inside,
because we have some devices in our network that need an IP from the public pool (195.37.XX.0/23)?
If you understand my little confused questions .. I'm very happy for every tip.
In reply to Christian Kolbe:
Then check the Licensing tab. Maybe you see the reason for the Sync Issue there.
In reply to LuCar Toni:
Look at the screenshot .. it tries to connect to another server .. but which?
Can I monitor the whole sys traffic to see which servers the XG wants to contact?
In the System LOG via GUI I also have the message that no updates were found .. so some more IPs for the
advanced firewall sys traffic RULE
after finding the third server that is an alias from
and putting all entries via the
advanced firewall sys NAT rule ..
The registration worked…
Now I have to find the servers for updates .. :-(
Did you resolve all the IPs from the KBA and add them as Sys-NAT?
Those are a lot of servers ….
Is it not possible to make a 0.0.0.0/0.0.0.0 for the sysnat rule?
I would suggest a workaround via SFM.
It's free - you can provide a "Content Cache" for all XGs. So you build 1 Sys-NAT rule to SFM, and SFM will use the NAT rule from behind the XG. Should be easier.
Thanks for the tip.
I will try the SFM.