Hi! I've created a new VLAN and DHCP server for it on the firewall. The clients on the VLAN can successfully get an IP address from the DHCP server but cannot resolve websites or have internet access. Any tips? See below DHCP server config & firewall rule:
Please check the value your WiFi network is showing to see if it matches your DHCP settings.
ian
XG115W - v19.5.1 mr-1 - Home
So right now I haven't connected any clients from the WIFI network yet, as I want to make sure this works first. So for now I've just dedicated a switch port to the new VLAN and have a wired laptop into it. It gets a proper IP address from the DHCP server, just no internet.
Hi dsurfer
As per the firewall rule, LAN is the source zone, the same is applied to VLAN.
If changing to the proper zone doesn't help, check packet capture under MONITOR & ANALYZE --> Diagnostics --> Packet Capture. Click on Configure and enter the BPF string 'host 8.8.8.8 and proto ICMP' to verify the firewall rule.
Also, check that DNS on the system is getting resolved, and share any error message from the browser in case the internet is not working.
Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
Thanks, yes, the Zone is confirmed to be LAN on the VLAN interface and the source on the firewall rule. I tried doing a capture packet with the host string 8.8.8.8 and no records come up.
Are you connected on Windows?
1. Share ipconfig /all
2. nslookup sophos.com
3. tracert -d sophos.com
4. From SSH of Sophos XG check
console>tcpdump 'host 8.8.8.8 and proto ICMP'
console>dr 'host 8.8.8.8 and proto ICMP'
Yes, it's a Windows machine that I have testing here:
I'll do the XG console commands in a few min
Share the VLAN setting with a screenshot. To troubleshoot the issue, create a LAN to WAN firewall rule as per the settings below:
From SSH of Sophos XG check
Make continuous ping to 8.8.8.8
Rule is at the top:
The console command doesn't seem to do anything, or it's waiting:
(Thanks for your time with this! I'll return in about 1.5 to 2 hrs, I have appt thanks)
Please select "any" on source network
Selecting "any" didn't give internet access to the machine on the VLAN. Also if I put "any" there, then it's exactly the same firewall rule as the Default Network Policy rule (towards the bottom):
Hello there,
Thank you for contacting the Sophos Community.
Adding to what has been mentioned, try doing a GUI Packet Capture to confirm if the traffic is hitting a specific Firewall Rule and NAT rule.
Diagnostics >> Packet Capture >> Configure >> Under "Enter BPF String" enter 192.168.200.101 >> Save >> Turn On
Note: Use the actual current IP of the Windows computer
After that, do a ping to 8.8.8.8 and see what the packet capture shows; you might need to click "Refresh".
Regards,
Thanks! The solution was given to me by bharat J to create a NAT rule (see below) and set it at the top of the rules: