New to XG Firewall, and trying to resolve an issue.
Another Tech set up this XG135 Firewall, and configured a Bridge Interface for ports 1 and 3-8. Routing is enabled on the Bridge.
We are seeing issues with LAN to LAN communication. The Firewall is blocking access to other LAN devices.
We want to allow all LAN to LAN traffic without filtering.
There is one cable connected to the Switch, on XG port 2.
How can we remove the Bridge, and just have a LAN Interface on Port 2? Can we re-configure it without disruption to users?
Can we just uncheck "Enable routing on this bridge pair" to disable LAN-to-LAN filtering? Will that cause disruption?
In reply to Eric Swisher:
Hi Eric Swisher
Unfortunately the removal of the bridge will result in network disruption to your clients. Prior to performing this, ensure that you still have access to the device via the WAN port or via Console access. May I ask if you are still experiencing this LAN-to-LAN communication issue after creating a LAN to LAN allow firewall rule?
Regards,
FloSupport | Community Support Engineer
In reply to FloSupport:
FloSupport: "May I ask if you are still experiencing this LAN-to-LAN communication issue after creating a LAN to LAN allow firewall rule?"
According to the Client, yes.
Created a Firewall rule for Source Zone LAN, Source Network Any, Destination Zone LAN, Destination Network Any, Services Any, Uncheck Match Known Users, No Malware Scanning, Everything else None.
Based on your description, that firewall rule should allow access for this traffic. What are you able to observe on the Packet Capture tool available on the GUI? Does it describe any traffic violations?
We removed the Bridge and set Port1 as the LAN.
Client is still reporting an ActiveX Control installation via browser to their internal Phone Server (192.168.14.x IP) is being blocked by Sophos Web Protection, as a restricted file type.
At this point we do not want any kind of filtering on LAN devices.
We already have the Phone Server IP entered in Web Exceptions for HTTPS Decryption, Malware / Content Scanning, Sandstorm and Policy Checks.
You need to set up a firewall rule that does not have any http functions ticked, web or application.
Hey Eric Swisher
Is Sophos Endpoint also installed on your client's PCs? Just wanted to confirm that this block is not being caused by its Web Protection feature. You mention that you do not want any kind of filtering for LAN to LAN communication; have you created a LAN to LAN network firewall with no filtering (web, application) configured?