Cannot access to internet or to the gateway when setup XG as bridge

Hello,

I'm using xg-firewall V17.1.4 and i setup it as bridge succefully, to enable DHCP leasing ip, i setup two rules on the firewall https://community.sophos.com/kb/en-us/122983 and the client machine got ip from the router that deliver ip but i face some problems :

- I cannot access to internet from client under XG, i cannot ever ping google;

- from the desktop under XG I cannot ping other desktop that are directly connected to the router even if there are on the same network and vice-versa (they cannot ping the machine other XG too), it show 100% packets receive but it display host unreachable;

- from the desktop under XG I cannot ping his gateway (ip of the router that make the dhcp);

- some rule are described as "firewall rule" and other one "appliance access". what's the difference

 

When i look to the log i cannot see what is the problem, i only see that ping to gateway show destination ip is the broadcast adress. Thanks for your help

  • Hi,

    have you setup any rules that allow traffic through the XG to the internet?

    Ian

  • In reply to rfcat_vk:

    Hi,

    I setup a rule LAN to WAN and i think it's that rule is used to broadcast when a client find a dhcp. The ping with the gateway fail ... unreacheable host. i specify all details  in my message

  • In reply to Patrick MAMIA:

    Your original message only talked about DHCP, not general internet traffic.

    Appliance access is how people access the management functions of the XG or what features you have enabled on the XG to manage the through traffic of users.

    Firewall rules are what allow the traffic through the XG, then there are policies used within firewall rules.

    Ian

  • In reply to rfcat_vk:

    Please look at my detailed rules for LAN to WAN and WAN to LAN. The problem persist. No ping, no access to internet

     

     

     

     

     

  • In reply to Patrick MAMIA:

    Hi Patrick,

    I have very little experience with a bridge configuration. I suspect that you should have the bridge in your gateway field.

    Ian

  • In reply to rfcat_vk:

    rfcat_vk

    Hi Patrick,

    I have very little experience with a bridge configuration. I suspect that you should have the bridge in your gateway field.

    Ian

     

     

    I don't get you well, can you be more specific. The gateway fiel of what? of Client desktop? The gateway of client desktop is filled the DHCP server. As you see in capture i cannot even ping the gateway 192.168.0.1 which is the ISP router.

  • In reply to Patrick MAMIA:

    Hi Patrick,

    the gateway in your firewall rules.

    Ian

  • In reply to rfcat_vk:

    rfcat_vk

    Hi Patrick,

    the gateway in your firewall rules.

    Ian

     

    Hello My firewall is a virtual appliance under Xenserver. After many test i find out that there is an issue communication between host and VM because i cannot install Xen tools. So i look for sophos firewall virtual appliance for Xenserver and i find an installer https://www.sophos.com/fr-fr/mysophos/my-account/network-protection/download-installers.aspx.

    It's a zip file. Do someone know how to use it or install it, from now i always use the complete ISO of XG.

    Thanks