
Access all VLANs from mgmt but no VLAN should access mgmt

Hi,

I have newly installed Sophos XG; I had a UDM Pro before.

Anyway, I have created a VLAN 20 and if I create a FW rule for LAN to LAN and source Any I can access VLAN 20 from "Native LAN" (#Port1).

What I want to do is that the devices that are not on any VLAN, but directly connected to "#Port1", should be able to access all devices on all VLANs, but devices on VLANs should not be able to access "Native LAN" (#Port1).

If I make a FW rule with the following,

Source zones: LAN
Source networks and devices: #Port1

Destination zones: LAN
Destination networks: Any

it does not work, it breaks the connection.

On the UDM Pro it worked fine, I just had to activate a rule for "Allow all Established and Related Traffic", but I can't find that in Sophos XG.

Thanks.



  • FormerMember

    Hi,

    Thanks for reaching out, and welcome to the Sophos Community! 

    Instead of adding "#Port1" in the source network, could you please create a network object for the LAN network?

    #Port1 contains only a single IP address associated with the interface; you'd need to create a network object.

    Thanks,

  • So I created an "IP host" group for my "management" network and added the firewall rule like this,

    and it seems to work. Now I can connect from MGMT to VLAN20, but devices on VLAN20 can't reach devices on MGMT.

    Is there anything else I need to do?
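The two points in this thread, that the "#Port1" object holds only the interface address while an IP host object covers the whole subnet, and that a stateful firewall lets replies back without a VLAN-to-MGMT rule, can be shown with a small model. This is an added example, not Sophos code and not from the thread; the subnets, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed addressing for this example (not from the thread):
MGMT_NET = ipaddress.ip_network("192.168.1.0/24")  # management LAN behind Port1
PORT1_IP = ipaddress.ip_address("192.168.1.1")     # what the "#Port1" object holds
VLAN20_NET = ipaddress.ip_network("192.168.20.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    src: object  # a network (matches a whole subnet) or a single address
    dst: object

def matches(obj, ip):
    if isinstance(obj, (ipaddress.IPv4Network, ipaddress.IPv6Network)):
        return ip in obj
    return ip == obj

class StatefulFirewall:
    """First matching allow rule wins; replies to permitted flows pass without a rule."""
    def __init__(self, rules):
        self.rules = rules
        self.flows = set()  # (src, dst, sport, dport) tuples already permitted
    def check(self, src, dst, sport, dport):
        src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if (dst, src, dport, sport) in self.flows:  # reverse direction of a known flow
            return "allow (established)"
        for r in self.rules:
            if matches(r.src, src) and matches(r.dst, dst):
                self.flows.add((src, dst, sport, dport))
                return "allow"
        return "drop (default)"

def rule_with_port1_object():
    # Source = #Port1: only the interface IP matches, so a host on the LAN is dropped.
    fw = StatefulFirewall([Rule(PORT1_IP, ANY)])
    return fw.check("192.168.1.50", "192.168.20.10", 40000, 22)

def rule_with_network_object():
    # Source = IP host object for the whole management subnet, as suggested above.
    fw = StatefulFirewall([Rule(MGMT_NET, ANY)])
    outbound = fw.check("192.168.1.50", "192.168.20.10", 40000, 22)
    reply = fw.check("192.168.20.10", "192.168.1.50", 22, 40000)
    new_from_vlan = fw.check("192.168.20.10", "192.168.1.50", 50000, 445)
    return outbound, reply, new_from_vlan

if __name__ == "__main__":
    print(rule_with_port1_object())    # drop (default)
    print(rule_with_network_object())  # ('allow', 'allow (established)', 'drop (default)')
```

The last case is the behaviour asked about: a connection started from VLAN 20 towards the management network matches no rule and is dropped, while replies to management-initiated connections still pass.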
