Pretty much out of the blue, I can't get my RED15s to work in Transparent/Split mode against 18.0.5 MR-5.
By work I mean accessing resources on the LAN behind the XG firewall.
I can't recall making any changes that will have any influence.
- All working OK with both Standard/unified and Standard/split.
- All working OK with both unified and normal firmware.
- All working OK with tunnel compression both on and off.
- All working OK with RED on LAN zone or separate zone.
- Checked with 3 different RED devices.
To make clear - using Transparent/Split mode, it doesn't work, regardless of other options (firmware/tunnel compression).
The tunnel looks as if it's working on both the RED and the XG side, but pinging whatever on the XG LAN doesn't work.
Thanks in advance, Adam.
Hi Oz Group,
Thanks for reaching out to the Community!
I'd suggest you run a packet capture on the destination IP address from the GUI to determine if the traffic arrives on the firewall or not. If it arrives on the firewall, is it being processed with the correct firewall rule and interfaces?
Reference KBA: Monitor traffic using Packet Capture Utility in the Sophos XG Firewall GUI.
Please post the screenshot of the packet capture.
Community Support Engineer | Sophos Technical Support
I'll have a look, but the issue has become kind of urgent, so if it is not resolved, somehow, within 24 hours, I will just reinstall the XG firewall from scratch...
OK, I found the problem.
If I set a second IP for the firewall (in either Failover or Load Balancing mode), it stops working.
Even deleting the second IP and restoring the RED configuration to a single IP address won't work.
As soon as I delete the RED completely and re-add it with a single IP, everything works.
* EDIT *
It seems to be a specific case of a larger problem.
Any change I make after the initial RED configuration seems to cause the same issue.
I configured the RED to a separate zone - working.
Changed to LAN - not working.
Restoring to original zone - not working.
Also vice versa with the same result - only deleting and re-adding makes it work again.