This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VLAN clients receives IP from DHCP but can't access internet

Hi! I've created a new VLAN and DHCP server for it on the firewall. The clients on the VLAN can successfully get an IP address from the DHCP server but cannot resolve websites / or have internet access. Any tips? See below DHCP server config & firewall rule:



This thread was automatically locked due to age.
  • please check the value your wifi network is showing to see if it matches your dhcp settings.

    ian

    XG115W - v20 GA - Home

    XG on VM 8 - v20 GA

    If a post solves your question please use the 'Verify Answer' button.

  • So right now I haven't connected any clients from the WIFI network yet, as I want to make sure this works first. So for now I've just dedicated a switch port to the new VLAN and have a wired laptop into it. It gets a proper IP address from the DHCP server, just no internet.

  • Hi dsurfer 

    As per the firewall rule, LAN is the source zone, the same is applied to VLAN.

    If changing to the proper zone doesn't help check packet capture under MONITOR & ANALYZE-->Diagnostics-->Packet Capture Click on configure Enter BPF string host 8.8.8.8 and proto ICMP to verify the firewall rule.

    Also, check DNS on System is getting resolved, and share any error message from the browser in case the internet not working 

    Regards

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Thanks, yes, the Zone is confirmed to be LAN on the VLAN interface and the source on the firewall rule. I tried doing a capture packet with the host string 8.8.8.8 and no records come up.

  • Are you connected on Windows ?

    1.Share ipconfig /all 

    2.nslookup sophos.com

    3.tracert -d sophos.com 

    4. From SSH of Sophos XG check 

    console>tcpdump 'host 8.8.8.8 and proto ICMP

    console>dr 'host 8.8.8.8 and proto ICMP

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Yes it's a windows machine that I have testing here:

    I'll do the XG console commands in a few min

  • Share the VLAN setting with a screenshot, for troubleshoot the issue created lan to wan firewall rule as per below settings : 

    From SSH of Sophos XG check 

    console>tcpdump 'host 8.8.8.8 and proto ICMP

    console>dr 'host 8.8.8.8 and proto ICMP

    Make continuous ping to 8.8.8.8

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Rule is at the top:

    The console command doesn't seem to do anything, or it's waiting: 

    (Thanks for your time with this! I'll return in about 1.5 to 2 hrs, I have appt thanks)

  • Please select "any" on source network 

    "Sophos Partner: InfrassistTechnologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Selecting "any" didn't give internet access to the machine on the VLAN. Also if I put "any" there, then it's exactly the same firewall rule as the Default Network Policy rule (towards the bottom):