

Not Able to ping Internet from Sophos XG 115w

Dear Support Team,

My Sophos XG has been configured to provide internet access to clients. Everything is working well for the clients (internet access, remote SSL VPN).

My issue is that the device doesn't ping any address on the internet from the diagnostic page, and the firmware update is also failing.

Thank you for helping.



  • Hi Dirkkotte,

    You're right, the issue is that the system-generated traffic was not NATed. The following command fixed the issue:

    set advanced-firewall sys-traffic-nat add destination 0.0.0.0 netmask 0.0.0.0 snatip <my-public-IP>

  • Hi,

    Below is the NAT rule screenshot; NAT_iphost is the alias public IP 41.111.198.5.

    From the console, I checked the NAT for system-generated traffic; it is not configured yet. Thanks.


  • Hi dirkokotte,

    I am not sure what you are driving at?

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Seems as if your NAT/Masquerading rule doesn't capture the system-generated traffic ...
    Can you show us a screenshot?

    @rfcat_vk: if there is a really big bug ... internal users should not be able to work either


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Sorry, this is not making sense, please provide a network drawing to clarify the connections.

    ian


  • Hi,

    I'm using another public IP (41.111.198.5) as an alias on the external interface (which has the primary IP 192.168.123.82).

    Thanks

  • Hi,

    Using the public IP which is assigned to the external interface of your ISP router will not work. You need to put the ISP router into bridge mode to be able to use the public IP address.

    ian


  • Hi,

    192.168.123.81 is my default GW for the Sophos, which is the ISP router.

    192.168.161.85 is located on the ISP network.

    I'm using NAT with a public IP provided by the ISP; the public IP is configured as an alias on the WAN interface of the Sophos firewall.

    Ping and traceroute to 8.8.8.8 using the internal interface as source are also failing.

    I have only one Internet connection.

    Here is the traceroute screenshot from the LAN IP of the Sophos.

  • Please tell us more about IPs 192.168.123.81 and 192.168.161.85.
    What are these devices? Where are they located?
    If you don't mask your internal traffic at the WAN interface, possibly your LAN segments are routable and the transfer subnet is not.
    Are there other ways out of your LAN (2nd ISP, other routers, ...)?

    Try the ping & traceroute 8.8.8.8 tests again and select the internal interface as source.


    Dirk
