
Accessing subdomains.

Hello all.  I'm a newb home user coming from OPNsense.  I'm having an issue accessing my subdomains.  This is something simple that I'm just not understanding.  A couple pics will help explain what I'm trying to accomplish, and my setup.

Interfaces

DHCP (note that the bottom 2 are in reverse order aka it shows PortD then PortC, not that this matters).

Firewall Rules

PortB and PortC can access the internet (I didn't try PortD).  PortB can't access PortD.  In the CLI I can ping both just fine.  How can I enable PortB to access PortD?

Also on PortB I used the predefined zone called WiFi (as this is an access point).  Is this ok, or should I create my own name?

Thank you.



This thread was automatically locked due to age.
  • Hi,

    you need a rule to access each port/network. You can basically use whatever name you choose.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • I meant to say "How can I enable PortB to access PortC?"  I was assuming that when you said I need a rule, you meant a firewall rule.  That is what I thought that I had, like in my last picture.  Again, I had misspoken when I said B to D.  I meant B to C.

    Thanks again.

  • I suggest you change your port names from PORTD to something meaningful. You appear to have mixed up port names with zones.

    Ian


  • Great suggestion.  So this is what I have now.  I know it's something really simple.

    My OS is Linux. A shell ping doesn't respond to 192.168.30.2, but the CLI does.  ifconfig shows a 192.168.4.136

    I changed my zones to all use LAN, and removed the other zones.

    Thank you for your help.

  • Check your firewall logging to see if the traffic is actually blocked. You might need to (temporarily) add a block everything rule with logging enabled at the very end of the firewall to be sure you (temporarily) log all blocked traffic.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Here were some issues.

    1) I was trying to ping a Proxmox port from a separate subnet.  Apparently this isn't allowed.  Still odd how the CLI could ping it.  That threw me off.

    2) Nothing was plugged into that port (head palm).

    3) The test rules work great; I didn't realize that it was literally a simulation, and didn't actually try to do it.

    You guys are great.  Thank you for helping. 

    On a side note, I've been hammering the GUI, and found a lot of things that I really like.