
DMZ issues with new XGS 3300 firewall

Hello. We had 2 XG330 firewalls in our environment that failed within a week of each other. I was able to back up the configuration from the working firewall before it failed. We installed 2 new XGS3300 firewalls and restored the configuration to those. However, since doing that, we cannot get servers in our DMZ to connect to the other servers associated with them. We have checked all the firewall rules and NAT rules and they are the same as they were on the old firewall (our consulting firm was able to rebuild one of the old firewalls and compare the configurations between the new and old). Our consultant seems to think that there could be an asymmetric routing issue that could be related to the new v. 20 of the firmware? Has anyone else run into this? Can we roll back to the v. 19.5 to see if that will solve the problems? Thanks!



This thread was automatically locked due to age.
  • Hi Geoff Price

    Please share your network connectivity diagram with your Server which should communicate.

    Did you try to bypass the network with asymmetric routing?

    Check the status with the following 

    console>show advanced-firewall

    Check how traffic is getting forwarded or dropped 

    console>tcpdump 'host <destination IP> and proto ICMP'

    console>dr 'host <destination IP>'

    Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi, I had similar issues with a customer, and what we did was to change the DMZ port to LAN, create LAN to LAN rules, configure a port on the firewall for our servers, then do a port forwarding or DNAT to those servers, and that solved the issue.

    Try this and revert.

  • Thanks, Geoff Price, for your update over PM. The issue got resolved by re-imaging the old firewalls and re-installing them.

    Regards 

    "Sophos Partner: Networkkings Pvt Ltd".
