
Adding another NIC totally breaks XG Firewall and all dependent rules

Hi. I have been running XG Firewall with 2 NICs - LAN and WAN. I decided to add another for DMZ and it totally breaks the firewall. All NICs get reassigned. Port 1 LAN becomes DMZ, Port 2 WAN becomes LAN, and the newly added Port 2 becomes LAN instead of the unassigned DMZ. This is crazy. It wouldn't be so bad if it didn't break all of my rules that depend on Port 2 being WAN, which means when I reassign the new Port 3 to WAN the interface name changes and all business rules that depended on Port2_GW_DHCP get abandoned since this interface no longer exists.

Is this expected? Is there a simple way to rename ports and reassign them to their old name, role, and position? This seems like a major bug.

  • So it looks like I am off in the weeds or no one has ever added another NIC after XG Firewall was set up. I am really hoping an update allows me to add another NIC, without renaming existing, and adds in an "unassigned" state - that way I can choose what this NIC's role is. It looks like I am stuck, either without a DMZ or recreating all of my rules. Also, this seems to be the default behavior too when restoring an XG Firewall to slightly different hardware config so I am assuming it's not just me.
  • Just a thought. Maybe it would be easier to make a backup, reconfigure the hardware, do the basic setup and restore the configuration from the backup.

    Regards,
    Slawek

  • Yes, if this is an option it would be no problem, but also if I add the cards from the first install, Sophos still won't put port1 and port2 where I want them on the PCI passthrough device, but instead on the vSwitch.

  • This doesn't work. You end up restoring the rules to the wrong NICs, which leads me to believe that this is a deeper system issue. Even looking at the UTM documentation, it pretty much says to never add a NIC later, which leads me to believe that this is a long-outstanding issue. I may look elsewhere now for a UTM/firewall since I don't see this being resolved anytime soon, and if I am going to reconfigure all of my rules I may as well do it while evaluating something else.