I have a problem on a customer's site.
The customer switched from Sophos UTM to XG firewall.
In the past the customer ran into the problem that his network got too small. For ease they just added 2 additional addresses on the LAN interface with a /24 netmask.
Now, after the switch to XG firewall, this construction doesn't work really well, because some connections are marked with "Invalid TCP state".
The main address/network is 192.168.40.0; the Sophos has 192.168.40.252. The other networks/aliases on the interface are 192.168.41.0 and 192.168.42.0.
If, for example, a client from the 192.168.42.0 network tries to access a printer in the 192.168.40.0 network, it doesn't work because of invalid TCP state. Smartphone access to Exchange in the 192.168.40.0 network also doesn't work.
It would be very difficult for the customer to change the whole network to another netmask. So I searched for a solution.
I found this:
set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.42.0 source_netmask 255.255.255.0 dest_network 192.168.40.0 dest_netmask 255.255.255.0
Does anyone know if this would solve the problem I have?
Thanks everybody for your help