Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 7 replies
  • Subscribers 41 subscribers
  • Views 1904 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Route problem on XGS116 firewall

David Chour

Hello,

I'm stuck on a LAN routing problem.

We changed our UTM firewall to XGS116, I recreated the rules and configuration on the new firewall, but I have a problem with the incoming traffic to the internal network.

We have several offices that are interconnected by MPLS.

From the other offices I can no longer reach the head office network, but I can reach the subnet

Here is a diagram and the static routes.

Can you please help me ^^



This thread was automatically locked due to age.
Parents
  • +1

    Hi David Chour

    Seems Asymmetric Routing, can you try the below steps :

    console>show advanced-firewall


    console>set advanced-firewall bypass-stateful-firewall-config add source_network [source network IP] source_netmask [source subnet mask] dest_network [destination network IP] dest_netmask [destination subnet mask]

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Reply
  • +1

    Hi David Chour

    Seems Asymmetric Routing, can you try the below steps :

    console>show advanced-firewall


    console>set advanced-firewall bypass-stateful-firewall-config add source_network [source network IP] source_netmask [source subnet mask] dest_network [destination network IP] dest_netmask [destination subnet mask]

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

Children
  • 0 in reply to Bharat J

    Hello Bharat,

    I would prefer to "optimize" David's network design instead of configuring a workaround on the XGS.

    And I don't like the often heard argument "it worked before with the SG ..."

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to PhilippRusch

    +1. The diagram shows an odd physical configuration that you can work around with the CLI but if there isn't a specific reason (or an error in the diagram) for this, they will eventually have other problems or inefficiencies.

  • 0 in reply to PhilippRusch

    Hello jprusch,

    The workaround proposed by Bharat J works but I would not like to keep this solution for a long time.

    As requested here is the routing table on the switch 192.168.0.254

    Otherwise, do you think it would be better if the MPLS router was connected directly to the firewall ?

Unfiltered HTML