
Accesspoint network is not routed

Hi community

I am struggling with my internal access point connection.

 

Setup:

I have configured a new interface on the XG with a new IP range. The XG is set up with a DHCP server that offers IP addresses from that new range to the access point, which works perfectly.

1. The new interface is set into the zone LAN.

2. XG is set up to do DNS.

3. XG is set up to do DHCP (as described)

4. There is a static route for the WLAN network to be reached over GW Access point on the new interface

5. The Access point is configured as a gateway

6. Firewall rules are in place to reach the WLAN from internal LAN and vice versa.

 

Issues:

Ping is OK from internal to the Access point over the whole connection.

From the WLAN it is possible to ping the whole connection to the internal LAN interface of the XG too.

But I cannot ping from internal to that client in the WLAN, and from the client in the WLAN I cannot reach any resource in my LAN, nor the external IP address of the XG or any other external IP address (therefore it's pretty clear that DNS is not working either).

 

What is missing to make my WLAN able to reach the network?

This thread was automatically locked due to age.
  • Hi,

    Why do you have your internet connection set up as a router rather than in bridge mode?

    I suspect your issue is that you have an interface with a different gateway, and do you have firewall rules allowing traffic between all LANs?

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v20.0.2 MR-2


  • Nicole,

    Can you include all the networks in the map?

    Who is 172.25.5.121?

    If other IPs in the same subnet are pingable, check the firewall on the destination PC/server.

    Thanks

  • Hi  

    Please make sure that you have a firewall rule for WLAN to WAN for Internet communication and WLAN zone to LAN zone and LAN zone to WLAN zone firewall rules for Internal communication.

    Traceroute and packet capture on XG will help you to narrow down the issue.

    https://community.sophos.com/kb/en-us/123567

    Hope this helps.

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • Only the DMZ network is not in the list, but it is not involved in the story.

    INT LAN = 172.26.5.0/24

    WLAN = 172.25.5.0/0

     

    172.25.5.121 is the client in the WLAN which receives its IP through DHCP from the XG

    To be sure it's not the host's firewall that is blocking, I also have my mobile phone accessing the WLAN access point.

    It gets an IP and connects to the WLAN access point, but internet connectivity is not working.

  • Hello Keyur

    Firewall rules are in place but I forgot to add the picture:

    The ANY-ANY rules between INT and WLAN are NO NAT

    The rules from WLAN to WAN are with NAT.

     

    I will try to dig in another time with packet capturing/logging, but until today I have not found the issue.

  • Hi everybody who has answered to my request and

     

    I fixed the problem!

     

    1. There was a McAfee package running with a firewall on the client that came with the installation and that I did not know about....

    2. After I uninstalled that one, it was the client's default firewall (Windows 10) that blocked incoming ICMP requests -> disabled that one too -> ICMP is now replying \o/

    3. Last but not least, I deleted all static and policy-based routing (except the default route) -> internet access is now working too \o/

     

    Thank you all for taking the time to read and answer my question!