

XG Firewall using incorrect IP address

Hi Guys, I'm a bit of a Sophos XG Noob so please bear with me.

Sophos XG - 310 (SFOS 17.5.9 MR-9)

We are having an issue with our systems authenticating around our Sophos box; authentication is failing due to traffic not going where it should. What we have noticed is that our Sophos WAN port (Port 2), IPv4 10.172.65.30/28, has also been using 10.172.65.29 (which belongs to our Cisco switch port, static address) and registered the IP against the Sophos Port2 MAC address. We only found this out by looking at the logs on our Cisco switch that the Sophos box is plugged into; the logs show this as a conflicting address.

Has anyone seen this happen before? Any ideas how to rectify this issue? Both the Cisco and Sophos box haven't been touched in the last few weeks; this error happened this morning for the first time.

 

Cheers,

Paul.  



  • Hi Guys,

     

    Thanks for the replies.

     

    Let me clear it up: I have now rolled back firmware versions and can see the offending IP under Neighbors (ARP-NDP); it wasn't there on the latest firmware. It is also using Port 2 but has a different MAC address, and I don't have any aliases on Port 2. Is there an easy way to delete it? Clicking on the trashcan doesn't get rid of it. Also, still not sure where it came from.

  • Paul,

    If you see the IP under the neighbour tab, there is another device that is using that IP and not the XG. Neighbour ARP-NDP is just a learning protocol.

    Check who has that IP on the WAN interface.

    More info for ARP-NDP here

    http://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/concepts/ARPNDP.html

    Regards

  • Thanks for the reply,

     

    Is there any way I can remove this IP from ARP permanently, as it is causing a bit of confusion with some rules on our switch?

     

    XG310_WP02_SFOS 17.5.8 MR-8# arp -n                                             
    ? (10.172.65.17) at 84:b8:02:21:1b:04 [ether]  on Port2                         
    ? (10.192.192.1) at dc:f7:19:33:02:42 [ether]  on Port1                         
    ? (10.172.65.29) at <incomplete>  on Port2                                      
    XG310_WP02_SFOS 17.5.8 MR-8# 
       

    It has now completed:

    10.172.65.17    84:b8:02:21:1b:04    Port2    Complete,Dynamic
    10.192.192.1    dc:f7:19:33:02:42    Port1    Complete,Dynamic
    10.172.65.29    dc:f7:19:33:02:4c    Port2    Complete,Dynamic
     
  • Go to advanced shell and run this command:

    ip -s -s neigh flush all

  • I’ve tried that, it comes back again after a reboot.

  • Paul,

    Can you share a screenshot?

    Again, the XG is learning the MAC addresses from the network where it is attached. It is not an XG issue; another device on the network has that IP address.

    Check the MAC address that is linked to the IP address that is causing the conflict, and check via show mac-addresses on the Cisco where the host with that MAC address is attached.

    Regards
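
An added example, not part of any post in this thread: a small Python parser for `arp -n` output in the format pasted above, which flags an IP answered by more than one MAC across snapshots and pairs entries on different ports whose MACs share a five-octet prefix. Function names are hypothetical, `SNAP2` is the posted table re-typed in `arp -n` form, `SNAP3` is a constructed entry, and the shared-prefix check assumes multi-port devices often number their interface MACs consecutively, so it is a hint for where to look on the switch, not proof.

```python
import re
from collections import defaultdict

# Line format as shown in the thread: "? (IP) at MAC [ether]  on PortN"
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)\s+at\s+"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2}|<incomplete>)"
    r"(?:\s+\[\w+\])?\s+on\s+(?P<iface>\S+)", re.I)

def parse_arp(text):
    """Return (ip, mac_or_None, iface) tuples; prompts and other lines are skipped."""
    rows = []
    for m in ARP_LINE.finditer(text):
        mac = m["mac"].lower()
        rows.append((m["ip"], None if mac == "<incomplete>" else mac, m["iface"]))
    return rows

def conflicts(snapshots):
    """IPs that resolved to more than one MAC across snapshots (duplicate-IP sign)."""
    seen = defaultdict(set)
    for snap in snapshots:
        for ip, mac, _ in parse_arp(snap):
            if mac:
                seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def same_device_candidates(text, octets=5):
    """Entry pairs on different ports whose MACs share the first `octets` bytes."""
    rows = [r for r in parse_arp(text) if r[1]]
    pairs = []
    for i, (ip_a, mac_a, if_a) in enumerate(rows):
        for ip_b, mac_b, if_b in rows[i + 1:]:
            if if_a != if_b and mac_a.split(":")[:octets] == mac_b.split(":")[:octets]:
                pairs.append((ip_a, ip_b))
    return pairs

SNAP1 = """XG310_WP02_SFOS 17.5.8 MR-8# arp -n
? (10.172.65.17) at 84:b8:02:21:1b:04 [ether]  on Port2
? (10.192.192.1) at dc:f7:19:33:02:42 [ether]  on Port1
? (10.172.65.29) at <incomplete>  on Port2"""
# Posted table values, re-typed in arp -n format
SNAP2 = SNAP1.replace("<incomplete>", "dc:f7:19:33:02:4c [ether]")
# Constructed entry: a second, made-up MAC answering for the same IP
SNAP3 = "? (10.172.65.29) at 02:00:00:00:00:01 [ether]  on Port2"

if __name__ == "__main__":
    print(same_device_candidates(SNAP2))   # entries whose MACs look like one chassis
    print(conflicts([SNAP1, SNAP2]))       # thread data alone
    print(conflicts([SNAP2, SNAP3]))       # with the constructed second owner
```
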