Thread Info
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem joining 2 Sophos with physical cable

Angel Vallvidrera

Hi, and sorry for my poor english

I have 2 Sophos XG 18 connected by cable according to the attached diagram.


After I have created the rules and routes, I can ping either of the Sophos XGs, but not the machines on each network. I can ping from 100.64.0.0/16 to 172.16.1.10, but not to 172.16.1.17 which is a computer, and vice versa, I can ping from 172.16.0.0/12 to 100.64.0.1, but not to 100.64 .1.1 which is another computer.


Does anyone have any idea why it happens? did i forget something? do I do something wrong?


Thanks in advance



This thread was automatically locked due to age.
  • 0

    Hi,

    I don’ understand what you are trying to achieve and possibly your drawing is miss labeled.

    You have 172.16.0.0/12 on both sides of the XG which is not logical.

    ian

    XGS118 - v21.0.1 MR1

    XG115 converted to software licence v21.0.1 MR-1

    If a post solves your question please use the 'Verify Answer' button.

    • 0 in reply to rfcat_vk

      Hi,

      I have two networks, each connected to a Sophos XG. The first network is 100.64.0.0/16 and the second 172.16.0.0/12.

      In the first one, the Sophos IP is 100.64.0.1 which is assigned on eth1, eth2 is the WAN, and eth3 is 192.168.111.1 with which I want to join the two Sophos XGs to be able to access the network from a network. other.

      In the second, the IP of the Sophos XG is 172.16.1.10 on eth1, eth2 is the WAN, and eth3 is 192.168.111.10 in order to see the first network.

      I have created a static route in each of the Sophos, in the first the route is: 172.16.0.0/12 gateway eth3, and in the second, 100.64.0.0/16 gateway eth3.

      I have also created the firewall rules, in the first one, Source Zones LAN and LAN2 with destination LAN and LAN2, allow. and in the second Sophos XG the same, so that the traffic passes from one network to the other.

      But still it keeps failing me. I do not know if I have explained myself correctly.

      All the best

      • 0 in reply to Angel Vallvidrera

        You have the same IP address ranges on both sides of the XGs. What are trying to achieve with such a complex setup?
        ian

        XGS118 - v21.0.1 MR1

        XG115 converted to software licence v21.0.1 MR-1

        If a post solves your question please use the 'Verify Answer' button.

        • 0 in reply to rfcat_vk

          The Cloud in each Sophos is Internet, ROUTE Label not is a network, is a Route i has created in each Sophos, is to clarify rules and routes created in each Sophos.

          Thx

          • 0 in reply to Angel Vallvidrera

            I am at a loss to understand what you are trying to achieve with this setup?

            ian

            XGS118 - v21.0.1 MR1

            XG115 converted to software licence v21.0.1 MR-1

            If a post solves your question please use the 'Verify Answer' button.

            • 0 in reply to rfcat_vk

              Let's see if the graph is clearer that way.

              What I want to achieve is to see the first network from the second and vice versa.

              • 0 in reply to Angel Vallvidrera

                Just create a rule similar to this

                source lan, network any

                destination lan, network any

                allow

                log

                on both firewalls to get the connection going.

                ian

                XGS118 - v21.0.1 MR1

                XG115 converted to software licence v21.0.1 MR-1

                If a post solves your question please use the 'Verify Answer' button.

            Unfiltered HTML