Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos xg85 WLAN - separate zone issues

Hi,

with our new xg85 for our Branch Office we have a Problem with the guest WLAN with separate zone. Most Websites are hanging and some doesn't come up completeley.

With a test WLAN with bridge to ap-lan everything works fine.

This are normal wlans with wpa2 personal/AES Security. For the guest WLAN the policy ist set from  this LAN-segment  with any services to wan is allowed. Same rule for bridge-to LAN works perfect.

Any hints?

Thanks you,

best regards,

Markus



This thread was automatically locked due to age.
Parents
  • Hi,

    here is a tcpdump result when a client from this guest-wlan try to open werbsites:

    10:11:30.125306 vxlan3.100, IN: IP <Client-IP>.56114 > <Destination IP>.80: Flags [R.], seq 8592, ack 65315, win 0, length 0

    10:11:30.125306 <Guest-WLAN-Name>, IN: IP <Client-IP>.56114 > <Destination IP>.80: Flags [R.], seq 8592, ack 65315, win 0, length 0
    10:11:30.125740 vxlan3, IN: P <Client MAC-address> ethertype Unknown (0x0064), length 60:
    0x0000: 0000 0800 4500 0028 2bb3 4000 8006 5803 ....E..(+.@...X.
    0x0010: ac12 6465 0210 6492 db45 0050 5ae3 3e08 ..de..d..E.PZ.>.
    0x0020: b419 06b6 5014 0000 0966 0000 ....P....f..

    Any hints?

  • Frozeneye,

    contact the Sophos support to check if it is a limitation with the current firmware.

    Luk

Reply Children