Invalid Traffic - specifically using web browser, not via nmap

Hi all, I have had a look at the Invalid Traffic page, but as stated at the bottom it doesn't resolve the issue, just reduces the number of logged entries.

My setup is as follows

Core network is TP-Link Omada (manages the VLANs)

Sophos setup:

Port1 - Management LAN (VLAN 1)

Port2 - Internet WAN

Port3 - VLAN 131 Subnet LAN (gateway for this is the IP of Sophos) (Management wifi)

Port4 - VLAN 121 Subnet LAN (IOT wifi)

Port5 - VLAN 111 Subnet LAN (userland wifi)

When using VLAN 131 subnet I cannot access any resources on Management LAN (by default this is what I want for my main VLAN 111, but still need my management access).

I've added an internal allow rule to the fw (though a bit surprised it's going through the fw considering each subnet is set to LAN) ... and it's allowed me now to ping everything and use nmap to the specific ports successfully on the management LAN, but using a web browser, the firewall logs 'Invalid Traffic' (nmap successfully hits the rule and gets passed through with no issues).

Any ideas?



  • Hi,

    You appear to have VLAN identity issues; please edit your post to show the corrected VLANs.

    Ian

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to be installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • Cheers, I originally wrote all my VLANs down then thought it best to obscure them, missed updating the ones in the second half of the message lol - now all un-obfuscated :)

  • Please provide a simple network diagram. If the switch is managing the VLANs then you don't need VLANs on the XG because all traffic will be directed to the XG through an untrunked port.

    Ian

  • Controller, router, switches, and APs are Omada like I mentioned; VLANs and subnets are defined in that system. These lead to a Proxmox server that attaches 5 virtual NICs (with VLAN tags on the 131, 121, 111 networks), of which only my testing and future management VLAN 131 is using the Sophos fw IP on the subnet as its gateway.