Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

New XG setup... accessing admin portal different subnet.

Sorry for this as I’m probably doing something (really) stupid.

We have done the following, but unable to access the XG firewall admin panel/IP via a different subnet on the network. I can access other services on the subnet of the XG, just not the XG

We are running Meraki switches for our network.

Firewall setup from fresh install

Created as firewall mode, not bridge

Port 1 setup with static IP of 10.4.1.240 and “LAN” zone, plugged direct into switch (this is our server vlan)

I can see and login to the admin panel on the firewall on 10.4.1.240:4444 from a server on the same subnet/vlan

From my own PC, I’m on a different VLAN and using the 10.16.50.x range. I can view any other service on the 10.4.1.xx range (such as webmail, wsus, iis etc)

However, I can not see the XG on 10.4.1.240, or ping it.

Am I missing something on the firewall so can access from different vlan/subnet?

Know this is prob something stupid to fix!

Thanks

Matt



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi Mb78,

    If you are able to access resources in LAN network from VLAN and routing is correct you should be able to connect to the WebAdmin.

    Do you have LAN to LAN firewall rule configured with Any services? 


    Is this VLAN 10.16.50.X part of the LAN zone?

    Navigate to diagnostics > Packet Capture > Configure > type host <Source IP address> and port 4444, now try to access the WebAdmin and share the screenshot of the output.

    Thanks,

     

Reply
  • FormerMember
    0 FormerMember

    Hi Mb78,

    If you are able to access resources in LAN network from VLAN and routing is correct you should be able to connect to the WebAdmin.

    Do you have LAN to LAN firewall rule configured with Any services? 


    Is this VLAN 10.16.50.X part of the LAN zone?

    Navigate to diagnostics > Packet Capture > Configure > type host <Source IP address> and port 4444, now try to access the WebAdmin and share the screenshot of the output.

    Thanks,

     

Children
  • Thanks for response, I’ll log in and take a look

    There are no rules or anything (apart from Port 1 IP setup) in XG so far, it’s literally new install today... we’ve found this issue as wanted to connect to the Portal from desk rather than sat in server room!

    Will post what can find.

  • Hi  

    It sounds like you are doing VLAN routing on your switch then is that the case? If so you will need static routes from the XG pointing to your L3 switch handling the VLAN routing.  You will also need a LAN-LAN firewall rule.

    It is also possible that you have created asymmetric routing which should not be done with SPI firewall.

    To progress further, I would suggest running a traceroute from the server VLAN to your workstation VLAN and vice versa.  Then run a trace from the XG to workstation VLAN.

    Alternatively, open up a support request.  It sounds like the traffic is either not reaching the XG or the XG is unable to reach the LAN segment.

    Thanks!

    KingChris
    Community Support | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link