Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 19 replies
  • Answers 1 answer
  • Subscribers 39 subscribers
  • Views 3995 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG125w - Some strange issues and firewall rules not working

Aaron Berger

Hello,

I'm migrating a network from an old Sonicwall to a new Sophox XG125w.

I added the device to my Sophos account and activated the licenses.

When I ran the setup wizard it was able to download the latest SFOS 18.0.4 MR-4 firmware and install it, but it refused to allow internet connection to any clients (couldn't even ping). I reset the firewall to defaults and ran the wizard again and it's now giving internet to clients, but in the WAN link manager (ISP modem is in bridged mode and the WAN link manager is set to DHCP) it's showing WAN link as down. I rebooted it and left it overnight but no change on the WAN status, but clients are surfing fine..... I figure this might be a bug in the current firmware? Or if there a configuration I've missed for the WAN link?

Now I am trying to create a rule to allow external access to a couple of cameras. In the Hosts and Services configuration page, I added the IP address of the camera and  for the services I added external port 9000 forwards to internal port 80. I then ran the Server Assistant (DNAT) wizard to create the firewall allow rule. The rule was created and looks ok. However, I am unable to access the port externally. Have I missed something in the rule creation?



This thread was automatically locked due to age.
Parents
  • 0

    Hi,

    are you sure the camera accepts traffic on port 80, mine use 9000 and remote access is done via the camera company’s website.

    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Hey rfcat_vk

    100% sure camera's use port 80, can access them on that port internally. 

  • 0 in reply to Aaron Berger

    Hi,

    please post a copy of your firewall and Nat rules.

    iaan

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Firewall Rule

    Nat Rule

    Nat Reflexive Rule

    Nat Loopback Rule

    Also, this is the weird bug I'm getting with the WAN lInk Manger (even though it's online). I also tried to reboot the firewall in webconfig using Firefox and it said I was offline, I logged in with IE and I was able to reboot without issue:

  • 0 in reply to Aaron Berger

    Hi,

    with WAN link  manager what are you testing against that gives a failed test? You could try using your ISPs DNS if it responds to pings?

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    ISP modem is in bridge mode. Wan link on firewall is set to DHCP. I'm using auto for the DNS too and it's getting the correct ISP DNS addresses too.

    Sorry I'm not sure what you mean "testing against that gives failed test"? It's just that the WAN link manager and the dashboard show the WAN connection is down, even though I'm getting internet for the clients behind the firewall and I can ping google.com from a client and from diagnostics in the firewall. I've not seen the WAN link do this before for XG.

  • 0 in reply to Aaron Berger

    If you click on the entry in WAN link manager you will see connection testing settings.

    Ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

Reply Children
Unfiltered HTML