XG Firewall - No Internet

Hi!

Today I installed the XG Firewall on an HP Compaq 6200 Pro Microtower. My AP for the LAN is connected to Port 1, and my LTE router for Internet is connected to Port 2. The Connections & interfaces section is showing:

| Interface | Type | Status | Received KBits/s | Transmitted KBits/s |
|---|---|---|---|---|
| GuestAP | Wireless protection | Unplugged | 0.00 | 0.00 |
| Port1 | Physical | Connected, 1000 Mbps - Full Duplex | 0.99 | 0.39 |
| Port2 | Physical | Connected, 1000 Mbps - Full Duplex | 3.97 | 2.72 |
| Port3 | Physical | Disabled | 0.00 | 0.00 |

When I disconnect the RJ45 cable from my LTE router, Port 2 shows unplugged. So to me it looks like everything should work. The problem is that I can't connect to the internet when I'm connected in the LAN area. I also tried to create a NAT rule following the video at https://vimeo.com/271653505. Can somebody help me fix the problem?

  • Hi,

    have you created a firewall rule, e.g. source LAN, any, destination WAN, any, MASQ?

    Ian

  • In reply to rfcat_vk:

    Hi, yes the only active rule is

    Rule

    Accept any service going to "WAN" zone, when in "LAN" zone, and coming from any network, scan for malware then check with Sandstorm and log connections, then apply IPS policies

    Source & schedule
    LAN

    Source networks and devices : Any
    During scheduled time : All the time

    Destination & services
    WAN

    Destination networks : Any
    Services : Any

  • In reply to Roland Erler:

    I've checked the firewall and noticed that there is outgoing traffic allowed.

    The rule that is used in the Log is

  • In reply to Roland Erler:

     Hi,

    I would like to make a couple of suggestions

    1/. no need for a MASQ

    2/. where do the users get their DNS from, should be at least the XG?

    3/. you don't need a fail over, you only have one link as far as I can remember.

    4/. your wan link is showing red because it is trying to test to a device it can't see, use the LTE internal network.

    Ian

  • In reply to rfcat_vk:

    Hi!

    I followed your instructions and switched off MASQ. I changed the DNS (DNS 1 is 192.168.0.254 (the firewall on Port 1), DNS 2 is 192.168.0.1 (the LTE router on Port 2), DNS 3 is 8.8.8.8). I also disabled the failover, but still no Internet access.

    What I noticed is that the gateway is green for a few seconds after a reboot of the firewall, and that the firewall with 192.168.0.145 (Port 2 - WAN) is not registered in the DHCP of the LTE router.

    If I am not completely wrong, the UTM Home Firewall was registered with the IP address 192.168.0.145 in the DHCP of the LTE router. When I connect the AP directly to the LTE router, the IP is registered and I have Internet access. When the AP is behind the firewall, the IP is registered in the DHCP of the firewall but I have no Internet access. I have created a quick network plan with the IP addresses

  • In reply to Roland Erler:

    Hi,

    you need to change the IP range of your internal network.

    You also said the LTE gateway address is 182.168.0.1; are you using that in WLAN link test?

    What device is providing your DHCP addresses for your LAN?

    Ian

  • In reply to rfcat_vk:

    Hi! 

    Shouldn't everything be in the same IP range? Am I wrong at this point? It isn't a problem to change the IP range to 192.168.1.x, for example. Should I also change the IP address of the firewall (at the moment 192.168.0.254)?

    Correct, the LTE router has the IP 192.168.0.1 and this IP address is used for the WAN gateway.

    The Sophos Firewall is doing the DHCP service for the LAN; all connected devices got IP addresses

  • In reply to Roland Erler:

    Hi,

    no, each network should have its own IP range.

    Ian

  • In reply to rfcat_vk:

    Hi,

    ok, I'm at work right now, I will try it at home and will let you know.

    Roland

  • In reply to rfcat_vk:

    Hi!

    Thank you so much, I changed the LAN IP range to 192.168.1.x/24 and DNS to 8.8.8.8 and 8.8.4.4. I can access the Internet now from the LAN side. What I noticed now is that the Internet speed is a little bit slower than when directly connected to the LTE router. 2 examples:

    | Device | Connected via | Ping (ms) | Download (Mbps) | Upload (Mbps) |
    |---|---|---|---|---|
    | Notebook | LTE Router | 40 | 27.43 | 21.38 |
    | Notebook | AP (Behind the Firewall) | 37 | 20.81 | 19.91 |
    | Galaxy S8 | LTE Router | 41 | 37.4 | 22.2 |
    | Galaxy S8 | AP (Behind the Firewall) | 55 | 23.1 | 20.6 |

    Is this normal?

    Best regards

  • In reply to Roland Erler:

    Hi,

    this is normal for some users. You will need to tune your IPS settings. Check which ones are showing errors.

    Ian

    Fixed typing error.

  • In reply to rfcat_vk:

    Hi,

     

    there are a lot of errors but the speed is normal today. Do I have to do anything with these errors?

    Best regards
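
Added example (not part of the original thread, and not Sophos code): the fix in this thread was moving the LAN off the range already used on the WAN side. The Python check below flags that misconfiguration from the interface addresses alone. The /24 prefix on the original addresses and the 192.168.1.254 host address after the change are assumptions; the thread only gives 192.168.0.254, 192.168.0.145, 192.168.0.1 and 192.168.1.x/24.

```python
import ipaddress
from itertools import combinations

def find_subnet_conflicts(interfaces):
    """Return findings for {name: {"addr": "a.b.c.d/len", "gateway": "a.b.c.d"}}.

    A router cannot forward between two interfaces that claim the same
    subnet: replies and gateway lookups may leave through the wrong port.
    """
    nets = {n: ipaddress.ip_interface(c["addr"]) for n, c in interfaces.items()}
    findings = []

    # 1. Any two interfaces whose subnets overlap.
    for (a, ia), (b, ib) in combinations(nets.items(), 2):
        if ia.network.overlaps(ib.network):
            findings.append(f"{a} ({ia.network}) overlaps {b} ({ib.network})")

    # 2. Gateways that are off-link, or that also match another interface.
    for name, cfg in interfaces.items():
        gw = cfg.get("gateway")
        if gw is None:
            continue
        gw_ip = ipaddress.ip_address(gw)
        if gw_ip not in nets[name].network:
            findings.append(f"{name}: gateway {gw} is not on-link")
        for other, iface in nets.items():
            if other != name and gw_ip in iface.network:
                findings.append(
                    f"{name}: gateway {gw} also falls inside {other} "
                    f"({iface.network}), so the route to it is ambiguous")
    return findings

# Constructed from the addresses in the thread; prefix lengths are assumed /24.
BEFORE = {
    "Port1": {"addr": "192.168.0.254/24"},                          # LAN
    "Port2": {"addr": "192.168.0.145/24", "gateway": "192.168.0.1"},  # WAN
}
# After the change; the .254 host part on the new LAN range is assumed.
AFTER = {
    "Port1": {"addr": "192.168.1.254/24"},
    "Port2": {"addr": "192.168.0.145/24", "gateway": "192.168.0.1"},
}

if __name__ == "__main__":
    for label, cfg in (("before", BEFORE), ("after", AFTER)):
        print(label, find_subnet_conflicts(cfg) or "no conflicts")
```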