Problem with aliases on LAN interface


I have a problem at a customer's site.

The customer switched from Sophos UTM to XG firewall.

In the past, the customer ran into the problem that his network got too small. For ease, they just added 2 additional addresses on the LAN interface with a /24 netmask.

Now, after the switch to XG firewall, this construction doesn't work very well, because some connections are marked with "Invalid TCP state".

The main address/network is the Sophos has the The other networks/aliases on the interface are and

If, for example, a client from network tries to access a printer in network it doesn't work because of invalid TCP state. Smartphone access to Exchange in the network also doesn't work.

It would be very difficult for the customer to change the whole network to another netmask. So I searched for a solution.

I found this:

set advanced-firewall bypass-stateful-firewall-config add source_network source_netmask dest_network dest_netmask

Does anyone know if this would solve the problem I have?

Thanks everybody for your help



Edited TAGs
[edited by: emmosophos at 6:57 PM (GMT -8) on 15 Nov 2022]
  • Hello again,

    So we could test it at the customer site. The problem with traffic to printers, for example, has gone. But now a new problem occurred.

    Before the change, a client from 192.168.42.x could access Sophos management services like User Portal, WebAdmin and Captive Portal on Now the clients can only access these services with the corresponding gateway address of their network.

    It's not such a big issue, but the problem is that I can only set one IP/hostname for the Captive Portal


