
Sophos Firewall and Routing : Issue to ping my Destination IP

Hello,

I have this network architecture,

and my goal is for VLAN100 (with network IP: 192.168.123.0/24) to have access to my server 172.20.24.24.

So I created this route on my Sophos Firewall (version XG S3300, firmware 19.0.1),

and also these rules, in order to allow all traffic from my VLAN100 to all other interfaces and ports.

So all of the hosts in my VLAN can ping this server 172.20.24.24, but this server 192.168.123.100 cannot.

And the traceroute from 192.168.123.100 to 172.20.24.24 stays on 192.168.123.1.

Could you please help me to resolve this weird issue?



  • Why do you have individual routes for each IP address? Also VLAN 100 terminates on the XG whereas VLAN 300 terminates on the WatchGuard and there is no relationship between VLANs.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello

    We do this because this server 172.20.24.24 is the one that we need to have access to, so we created this route.

    Between Sophos and WatchGuard, we have one direct interconnection which has IP 172.20.25.62 on the Sophos interface and 172.20.25.1 on the WatchGuard interface side. Sophos and WatchGuard can communicate over this direct interconnection.

    And the issue is that all of my VLAN 100 (e.g. 192.168.123.10) can ping and have access to this server 172.20.24.24; it's not a problem.

    But the issue is, my server 192.168.123.100 can't ping and gets stuck at my gateway 192.168.123.1 when I tried to traceroute. This server also needs to have access to this server 172.20.24.24.

    BR

    Tovo

  • Hi,

    VLAN300 does not come near the XG, so having a network labelled VLAN300 goes nowhere.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Hello,

    Thank you for your comment, but this is not the principal issue; the issue is why I'm not able from my server 192.168.123.100 to ping this IP 172.20.24.24.

    I am able from all of my VLAN (192.168.123.0/24) to access this same server with this route that I put below.

    BR

    Tovo

  • As an example, from my IP 192.168.123.30 to tracert this server 172.20.24.24:

    You can see the traceroute here.

    BR

    Tovo

  • You don’t have a path/route between the two locations.

    ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • For additional info, the direct interconnection is my path/route between these two locations (it's configured as a LAN); from the Sophos side we have this IP 172.20.25.62 and from the WatchGuard side 172.20.25.1, and as I said before, these two locations can communicate.
