
Docker L3 network routing not working on Sophos XG firewall

Hello!

I'd like to ask for your help. I've been using this great firewall for several years, but now I'm stuck.
I have a small network at home in which I installed a Docker host for testing purposes.
I have found that the best way to allow the Docker containers to access the home network is to configure the Docker network as an L3 network.
The LAN-->LAN firewall rule is created and the routing table entry is created, but from the Docker container I can only ping the firewall IP address, and no other hosts on the home network.

The return path works fine, so I can reach containers from any host at home.
Another interesting thing is that when I ping one of the hosts in my home network from the container, the reply gets stuck, so the host's reply is thrown away by the firewall. But if I ping the same container from the same host, the response arrives fine. When pinging any host from the container, the firewall logs the ICMP packets as having an invalid ICMP type/code.

Please help.



Hi!

There is no VLAN. The Debian host running Docker does not have a separate VLAN, and that's why Docker creates an L3 network. The container can reach the firewall but nothing else. A ping request from the container goes to the host, but on the way back it reaches the firewall, and the firewall prevents the ping from coming back.
For example:
When I ping the IP 10.20.55.55 from the IP 192.168.245.250, I see this in the firewall logs:
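The request and reply paths described in this thread can be checked with a small routing model. The Python below is an added example, not code from the poster or from Sophos, and its topology is an assumption built from the thread: the Docker host and the home host sit on the firewall's LAN, the firewall holds the static route back to the container subnet, and the firewall is stateful, so it only passes an echo reply whose echo request it has already seen. The addresses 10.20.55.55 and 192.168.245.250 come from the thread; the firewall (10.20.55.1), Docker host (10.20.55.10) and the subnets are constructed. The model shows why the container can ping the firewall (both directions pass through it) but not the home host (only the reply reaches the firewall).

```python
"""Path-symmetry model for the Docker L3 network scenario in this thread.
Added example; the topology is an assumption, not a capture of the poster's network."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Node:
    name: str
    ip: str
    routes: dict                    # "net/prefix" -> next-hop node name, or "direct" when on-link
    default: Optional[str] = None   # name of the default gateway, if any
    stateful: bool = False          # True for the firewall: it records echo requests it sees
    state: set = field(default_factory=set)


def lookup(node: Node, dst: str) -> Optional[str]:
    """Longest-prefix match over the node's routes, falling back to the default route."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, hop in node.routes.items():
        n = ipaddress.ip_network(net)
        if addr in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, hop)
    return best[1] if best is not None else node.default


def send(nodes: dict, src_ip: str, dst_ip: str, kind: str):
    """Forward one ICMP echo packet hop by hop. Returns (path, verdict)."""
    by_ip = {n.ip: n for n in nodes.values()}
    cur = by_ip[src_ip]
    path = [cur.name]
    for _ in range(10):
        if cur.stateful:
            # A stateful firewall accepts a reply only if it saw the matching request.
            if kind == "request":
                cur.state.add((src_ip, dst_ip))
            elif (dst_ip, src_ip) not in cur.state:
                return path, "dropped: echo reply without matching request"
        if cur.ip == dst_ip:
            return path, "delivered"
        hop = lookup(cur, dst_ip)
        if hop is None:
            return path, "dropped: no route"
        nxt = by_ip.get(dst_ip) if hop == "direct" else nodes[hop]
        if nxt is None:
            return path, "dropped: no such host on link"
        cur = nxt
        path.append(cur.name)
    return path, "dropped: hop limit"


def ping(nodes: dict, src_ip: str, dst_ip: str):
    """Echo request one way, echo reply back; returns the two (path, verdict) results."""
    req = send(nodes, src_ip, dst_ip, "request")
    if req[1] != "delivered":
        return req, None
    return req, send(nodes, dst_ip, src_ip, "reply")


def build_lab() -> dict:
    """Assumed topology (constructed): Docker host and home host share the firewall's
    LAN; the firewall holds the route back to the container subnet via the Docker host."""
    return {
        "firewall": Node("firewall", "10.20.55.1",
                         {"10.20.55.0/24": "direct", "192.168.245.0/24": "docker-host"},
                         stateful=True),
        "docker-host": Node("docker-host", "10.20.55.10",
                            {"10.20.55.0/24": "direct", "192.168.245.0/24": "direct"},
                            default="firewall"),
        "home-host": Node("home-host", "10.20.55.55",
                          {"10.20.55.0/24": "direct"}, default="firewall"),
        "container": Node("container", "192.168.245.250",
                          {"192.168.245.0/24": "direct"}, default="docker-host"),
    }


if __name__ == "__main__":
    lab = build_lab()
    for target in ("10.20.55.1", "10.20.55.55"):
        req, rep = ping(lab, "192.168.245.250", target)
        print(f"ping {target}: request {req}, reply {rep}")
```

Running the block shows the request to the home host travelling container -> docker-host -> home-host without touching the firewall, while the reply goes home-host -> firewall and is dropped there as an echo reply with no matching request, which is the asymmetric path the firewall log line in the thread points at. Pinging the firewall passes through it in both directions and succeeds.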
