XGS 108w - No Access from WLAN to LAN. Advice needed.

Hello dear Sophos Community,

We've recently set up a brand new Sophos XGS 108w Appliance in one of our construction offices. We use its integrated WLAN AP to deliver the WLAN in that Office. The WLAN is set up as a Separate Zone with its own Network. I've set up a Firewall Rule that allows specific traffic from that WLAN to the LAN. There shouldn't be everything allowed here, that's why we want to use a separate Network and no Bridge.

When I now try to access resources in the LAN, I am unable to reach them. Even if I allow everything from the WLAN to the LAN I cannot reach anything. Except for the Appliance itself, which has HTTPS Access allowed to itself inside the LAN Zone. Looking further into the issue it seems that the Firewall Rule isn't even triggered. I get "Invalid Traffic" entries in the Log Viewer which is odd and seems to be a Routing issue. But the Interfaces are all set up correctly and have their respective IP Addresses. So it looks to me as if the Appliance is unable to route between these Zones. For no reason in my opinion. This should not happen.

Can you help me with this issue and maybe point me in the right direction? Currently the config is still pretty much default. Apart from the WLAN and LAN we also have a WAN Zone and use a static IP provided by the ISP here. Also odd in that case is that the Appliance is creating NAT Rules that I cannot delete, since the Internet Access isn't working without a Gateway. When creating a Static Route (0.0.0.0/0 via GW xyz on Interface Port 2, which is WAN) it doesn't do anything and it's not working. It only works with a Default Gateway on the WAN Interface. As if this thing simply doesn't want to route anything.

So, again: Can you help me with that issue? We've always used SG Appliances before which are simply top notch and totally logical in terms of what they do. That whole XGS Stuff drives me crazy right now ...

Many thanks in advance,
Steffen



Edited TAGs
[edited by: Erick Jan at 12:54 AM (GMT -8) on 24 Jan 2025]