Today I installed the XG Firewall on an HP Compaq 6200 Pro Microtower. My AP for the LAN is connected on Port 1, and my LTE Router for Internet is connected on Port 2. The Connections & interfaces section is showing
When I disconnect the RJ45 cable from my LTE Router, Port 2 is showing unplugged. So for me it looks like everything should work. The problem for me is that I can't connect to the internet when I'm connected in the LAN area. I also tried to create a NAT rule with the video on https://vimeo.com/271653505. Can somebody help me to fix the problem?
Have you created a firewall rule, e.g. source LAN, any, destination WAN, any, MASQ?
In reply to rfcat_vk:
Hi, yes the only active rule is
Accept any service going to "WAN" zone, when in "LAN" zone, and coming from any network, scan for malware then check with Sandstorm and log connections, then apply IPS policies
Source networks and devices : Any
During scheduled time : All the time
Destination networks : Any
Services : Any
Source : Minimum heartbeat is No restriction, Clients with no heartbeat allowed
Destination : Minimum heartbeat is No restriction, Request to destination with no heartbeat allowed
Masquerading is ON
In reply to Roland Erler:
I've checked the firewall and noticed that there is outgoing traffic allowed
The rule that is used in the Log is
I would like to make a couple of suggestions
1/. no need for a MASQ
2/. where do the users get their DNS from, should be at least the XG?
3/. you don't need a fail over, you only have one link as far as I can remember.
4/. your wan link is showing red because it is trying to test to a device it can't see, use the LTE internal network.
I followed your instructions and switched off MASQ, I changed the DNS (DNS 1 is 192.168.0.254 (The Firewall on Port 1), DNS 2 is 192.168.0.1 (The LTE Router on Port 2), DNS 3 is 22.214.171.124), I also disabled the Failover, but still no Internet access.
What I noticed is that the Gateway is green for a few seconds after a reboot of the firewall and that the firewall with 192.168.0.145 (Port 2 - WAN) is not registered in the DHCP of the LTE Router.
If I am not completely wrong, then the UTM Home Firewall was registered with the IP address 192.168.0.145 in the DHCP of the LTE Router. When I connect the AP directly to the LTE Router, the IP is registered and I have Internet access. When the AP is behind the Firewall, the IP is registered in the DHCP of the Firewall but I have no Internet access. I have created a quick network plan with the IP addresses
you need to change the IP range of your internal network.
You also said the LTE gateway address is 126.96.36.199; are you using that in the WLAN link test?
What device is providing your DHCP addresses for your LAN?
Shouldn't everything be in the same IP range? Am I wrong at this point? It isn't a problem to change the IP range to 192.168.1.x for example. Should I also change the IP address of the Firewall (at the moment 192.168.0.254)?
Correct, the LTE Router has the IP 192.168.0.1 and this IP address is used for the WAN Gateway.
The Sophos Firewall is doing the DHCP Service for the LAN, all connected devices got IP addresses.
no, each network should have its own IP range.
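The addressing problem discussed above, as an added example that is not part of the original thread: a check for firewall interfaces whose directly connected networks overlap. The interface labels, the /24 masks on the original configuration and the LAN address 192.168.1.254 are assumptions; the other addresses are the ones quoted in the posts.

```python
import ipaddress
from itertools import combinations

def find_overlaps(interfaces):
    """Return (name_a, name_b, net_a, net_b) for every pair of interfaces
    whose directly connected networks overlap."""
    nets = {name: ipaddress.ip_interface(cidr).network
            for name, cidr in interfaces.items()}
    return [(a, b, str(nets[a]), str(nets[b]))
            for a, b in combinations(sorted(nets), 2)
            if nets[a].overlaps(nets[b])]

def on_link_interfaces(interfaces, destination):
    """Interfaces that treat `destination` as directly connected.
    More than one result means the route to it is ambiguous."""
    dest = ipaddress.ip_address(destination)
    return sorted(name for name, cidr in interfaces.items()
                  if dest in ipaddress.ip_interface(cidr).network)

# Constructed sample data. Labels and /24 masks are assumptions.
BEFORE = {"Port1-LAN": "192.168.0.254/24", "Port2-WAN": "192.168.0.145/24"}
# After the change to 192.168.1.x/24; the .254 host part is assumed.
AFTER = {"Port1-LAN": "192.168.1.254/24", "Port2-WAN": "192.168.0.145/24"}
LTE_GATEWAY = "192.168.0.1"

def report(label, interfaces):
    """Print and return the overlap findings for one configuration."""
    overlaps = find_overlaps(interfaces)
    on_link = on_link_interfaces(interfaces, LTE_GATEWAY)
    print(f"{label}: overlaps={overlaps}")
    print(f"{label}: gateway {LTE_GATEWAY} is on-link via {on_link}")
    return overlaps, on_link

if __name__ == "__main__":
    report("before", BEFORE)
    report("after", AFTER)
```

With the original addressing the LTE gateway appears directly connected on both ports, so the firewall has no unambiguous path to it; after the LAN moves to its own range, only the WAN port reaches it.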
ok, I'm at work right now, I will try it at home and will let you know.
Thank you so much, I changed the LAN IP range to 192.168.1.x/24 and DNS to 188.8.131.52 and 184.108.40.206. I can access the Internet now from the LAN side. What I noticed now is that the Internet speed is a little bit slower than when directly connected to the LTE Router. 2 Examples
AP (Behind the Firewall)
Is this normal?
this is normal for some users. You will need to tune your IPS settings. Check which ones are showing errors.
Fixed typing error.
There are a lot of errors but the speed is normal today. Do I have to do anything with these errors?