Problem with aliases on LAN interface

Hello,

I have a problem at a customer's site.

The customer switched from Sophos UTM to XG firewall.

In the past, the customer ran into the problem that his network got too small. For ease, they just added 2 additional addresses on the LAN interface with a /24 netmask.

Now, after the switch to XG firewall, this construction doesn't work really well, because some connections are marked with "Invalid TCP state".

The main address/network is 192.168.40.0; the Sophos has 192.168.40.252. The other networks/aliases on the interface are 192.168.41.0 and 192.168.42.0.

If, for example, a client from the 192.168.42.0 network tries to access a printer in the 192.168.40.0 network, it doesn't work because of invalid TCP state. Smartphone access to Exchange in the 192.168.40.0 network also doesn't work.

It would be very difficult for the customer to change the whole network to another netmask. So I searched for a solution.

I found this:

set advanced-firewall bypass-stateful-firewall-config add source_network 192.168.42.0 source_netmask 255.255.255.0 dest_network 192.168.40.0 dest_netmask 255.255.255.0

Does anyone know if this would solve the problem I have?

Thanks everybody for your help

Greets

Andreas



Edited TAGs
[edited by: emmosophos at 6:57 PM (GMT -8) on 15 Nov 2022]
  • Hello again,

    so we could test it at the customer site. So the problem has gone with traffic to printers, for example. But now a new problem has occurred.

    Before the change, a client from 192.168.42.x could access Sophos management services like User Portal, WebAdmin and Captive Portal on 192.168.40.252. Now the clients can only access these services with the corresponding gateway address of their network.

    It's not such a great issue, but the problem is that I can only set one IP/hostname for the Captive Portal.

    Greets

    Andreas
