

Adding another NIC totally breaks XG Firewall and all dependent rules

Hi.  I have been running XG firewall with 2 NICs - LAN and WAN.  I decided to add another for DMZ and it totally breaks the firewall.  All NICs get reassigned.  Port 1 LAN becomes DMZ, Port 2 WAN becomes LAN, and the newly added Port 2 becomes LAN instead of the unassigned DMZ.  This is crazy.  It wouldn't be so bad if it didn't break all of my rules that depend on Port 2 being WAN, which means when I reassign the new Port 3 to WAN the interface name changes and all business rules that depended on Port2_GW_DHCP get abandoned since this interface no longer exists.

Is this expected?  Is there a simple way to rename ports and reassign them to their old name, role, and position?  This seems like a major bug.



This thread was automatically locked due to age.
  • Sorry that no one has suggested a solution for you. I had a similar experience just after I first installed Sophos XG in a VM under ESXi. I added a NIC after the initial configuration, and it re-ordered my already configured NICs. I had not yet added any rules, so it was not much of a problem. I just had to figure out which vNIC had been reassigned to my XG LAN port, so that I could log back in.

    If I remember correctly, someone had mentioned in a post that the XG interfaces (Port1, Port2, etc.) are assigned to NICs in MAC address order, so I changed the ESXi-generated MAC address of the newly added NIC to fall at the end of the list of installed NICs. This allowed me to preserve the assignments of the Ports / NICs from my initial configuration and have the new NIC show up as the last interface in XG.

    Good Luck,

    Will

    --------------------
    Sophos UTM / Sophos XG Firewall home user

    Private: Virtual UTM 9.3, ESXi 6.0: 2 vCPUs, 8GB RAM, 120GB vHDD, 3 vNICs

    Private: Virtual Sophos XG Firewall, ESXi 6.0: 1 vCPU, 4vCores, 6GB RAM, 80/4 GB vHDD, 3 vNICs

    ESXi 6.0 Host: SuperMicro C7Z97-OCE, Core I5-4690 3.5 GHz, 32GB RAM, NICS: I217-V, I210, I340-T4

  • Thank you for this! I am running ESXi too. I will give this a shot. You made my day. Nice workaround.