Problem with aliases on LAN interface


I have a problem at a customer's site.

The customer switched from Sophos UTM to XG firewall.

In the past the customer ran into the problem that his network got too small. For ease, they just added 2 additional addresses on the LAN interface with a /24 netmask.

Now, after the switch to XG firewall, this construction doesn't work very well, because some connections are marked with "Invalid TCP state".

The main address/network is the Sophos has the The other networks/aliases on the interface are and

If, for example, a client from network tries to access a printer in network it doesn't work because of invalid TCP state. Smartphone access to Exchange in the network also doesn't work.

It would be very difficult for the customer to change the whole network to another netmask. So I searched for a solution.

I found this:

set advanced-firewall bypass-stateful-firewall-config add source_network source_netmask dest_network dest_netmask

Does anyone know if this would solve the problem I have?

Thanks, everybody, for your help.



