I am using Sophos XG115 as the firewall and I do have a layer 3 switch (Unifi 8 port POE 60W switch) which leverages VLANs created & tagged at XG115.
Users in different VLANs want to connect to devices (e.g. Network Printer and Network Attached Storage device [TerraMaster]) located in another VLAN.
I have created a firewall rule which enables the communication between VLANs. I have also created DHCP records for each VLAN at XG115.
I am able to PING the gateway addresses of each VLAN. Unfortunately, the trace route keeps on failing at the gateway address of the LAN network port at XG115 when trying to reach devices in different VLANs.
Can someone help me in steps on what we should be adding or enabling to allow users in different VLANs to access the NAS and Printer?
Please note that users are on stand-alone Windows 10 devices. There is no Active Directory or LDAP integration (I mean there is no Windows server).
Below is a diagram of the network. An early response is highly appreciated.
Do you have a firewall rule lan any lan and allow all in place? Tracert -I will display the total path.
XG115W - v19 GA - Home
1225v5 6gb ram, SSID, 4 NICs 20w - v19 EAP - on holiday.
If a post solves your question please use the 'Verify Answer' button.
Hey, can you show your rule set?
Attached are my rule sets
Please refer to the additional information that I have uploaded.
Yes, I do have. When I use the policy test, it comes back with pass.
Please refer to the additional information (images of rules) that I have just uploaded.
Thank you for posting those rules. On the first rule, try changing the any to LAN and enable logging so you can see what, if any, traffic is attempting to use the firewall rule. Also, please make it the top of the rule list.
Hello, try source zone: LAN, source network: select all VLAN inside, and the same for destination zone: LAN and destination network: all VLAN. Move the rule set to the top position at the Intranet rulesets.
Hi there. Have you created a Static Layer 3 Route from the XG back to your Layer 3 Switch?
f.e. 10.1.0.0/16 to <IPofYourLayer3Switch>
UJay In this scenario, you need to add a static route in the firewall. For an IPv4 unicast route, go to Configure > Routing > Static Routing and click Add under IPv4 Unicast Route.
https://docs.sophos.com/nsg/sophos-firewall/v17.1.4/Help/en-us/webhelp/onlinehelp/index.html#page/onlinehelp%2FUnicastRouteEdit.html%23
Video link: https://www.youtube.com/watch?v=h-nu7tMfL_E
Hope this helps!
Thanks & Regards,
If a post solves your question, use the 'Verify Answer' link.
I tried your suggestion and am still unable to cross from one VLAN to another.
I am able to ping between the gateways of each VLAN but not able to trace route or ping a specific IP address of a device.