Since our old WatchGuard firewall died, I've set up a Sophos XG firewall as a test.
Next to our gateway x.x.x.1 we've got a Juniper SRX210 x.x.x.19 that functions as a VPN provider towards our mother firm.
I've defined the routing towards the VLANs as well as the zones of the VLANs in the mother firm and created a rule that allows the LAN to the zones in the mother firm.
Pinging, tracert, etc. all work fine. I'm able to reach the servers at the other end.
But when I'm trying to connect to the iSeries with a Client Access client, for instance, I'm not getting a connection.
All I see is that the traffic is denied, and with the packet capture thingy I receive a "Traffic_invalid" error.
If I add a manual route on a client using x.x.x.19 as the default gateway, the connection works, but printing from the iSeries to a local printer doesn't...
Can anybody advise, please?
Thanks in advance for the effort
David.
Hi David,
Thanks for choosing Sophos.
The "Traffic_invalid" error is reflected when the Firewall Rule to route the concerned traffic is not discovered by the UTM.
In such instances you need to configure a Firewall Rule.
From the description I understand that the iSeries is situated in the mother firm and the local printer is behind the Sophos. Correct me if I am wrong here.
I request you to use our Packet Capture facility and configure it to capture the traffic on the iSeries IP address (when you initiate a print). PFA screenshot.
Have a look at "Reason" and "Status". If Rule is reflected as 0, then a Firewall Rule is missing.
Provide me the output and we will proceed further :)
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Nice post and question.
I think that you are suffering from an asymmetric routing issue. The firewall does not manage the full connection, so traffic is blocked and classified as spoofed.
Is your configuration something like this?
https://kb.cyberoam.com/default.asp?id=2017
Sachin's suggestion is great. When invalid traffic is logged, there could be different reasons why it is classified as invalid. I had a similar issue a few weeks ago with asymmetric routing.
Let us know!
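To make the asymmetric-routing explanation from the reply above concrete, here is an added example that is not part of the thread and not Sophos or Juniper code. It is a toy stateful connection tracker: the client's default gateway is the firewall, but the SRX sits on the same LAN, so return packets from the remote iSeries are delivered to the client directly and the firewall only ever sees the client's half of the TCP handshake. The state names, verdicts, IP addresses and the Client Access port (8476, assumed here to be the iSeries sign-on server) are all constructed for illustration and do not reproduce the real Sophos XG/UTM implementation.

```python
"""Toy connection tracker showing why asymmetric routing yields INVALID verdicts.

Added illustration, not code from the Sophos thread or from any vendor.
Flow states and verdict names are simplified assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "icmp"
    sport: int = 0
    dport: int = 0
    flags: str = ""     # TCP flags: "S" (SYN), "SA" (SYN-ACK), "A" (ACK)


@dataclass
class Flow:
    state: str                 # "SYN_SENT", "SYN_RECV", "ESTABLISHED"
    origin: tuple              # (ip, port) of the side that sent the first SYN


class ConnTracker:
    """Minimal stateful inspection: a packet is only accepted mid-stream if the
    tracker saw the handshake leading up to it."""

    def __init__(self):
        self.flows = {}

    @staticmethod
    def key(p):
        # Bidirectional key so both directions of a connection share one entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.proto, ends[0], ends[1])

    def verdict(self, p):
        if p.proto == "icmp":
            # Echo requests are matched as NEW against the rule base on every
            # packet; no reply has to pass the firewall for ping to "work".
            return "NEW"
        k = self.key(p)
        flow = self.flows.get(k)
        if flow is None:
            if p.flags == "S":
                self.flows[k] = Flow("SYN_SENT", (p.src, p.sport))
                return "NEW"            # first packet; rule lookup happens here
            return "INVALID"            # mid-stream packet for an unknown connection
        if flow.state == "SYN_SENT":
            if p.flags == "SA" and (p.src, p.sport) != flow.origin:
                flow.state = "SYN_RECV"
                return "ESTABLISHED"    # reply direction, handshake progressing
            if p.flags == "S":
                return "NEW"            # SYN retransmit
            return "INVALID"            # ACK or data before any SYN-ACK was seen
        if flow.state == "SYN_RECV" and p.flags == "A" and (p.src, p.sport) == flow.origin:
            flow.state = "ESTABLISHED"
        return "ESTABLISHED"


# Constructed addresses: client behind the Sophos, iSeries at the mother firm.
CLIENT, ISERIES = "10.0.0.50", "172.16.5.10"
AS_SIGNON = 8476   # assumed Client Access sign-on port


def simulate_handshake(symmetric):
    """Verdicts the firewall issues for a TCP handshake towards the iSeries.

    symmetric=False models the thread's setup: the SYN-ACK comes back via the
    SRX on the same LAN, straight to the client, so the firewall never sees it.
    """
    fw = ConnTracker()
    syn = Packet(CLIENT, ISERIES, "tcp", 50000, AS_SIGNON, "S")
    synack = Packet(ISERIES, CLIENT, "tcp", AS_SIGNON, 50000, "SA")
    ack = Packet(CLIENT, ISERIES, "tcp", 50000, AS_SIGNON, "A")
    verdicts = [fw.verdict(syn)]
    if symmetric:
        verdicts.append(fw.verdict(synack))
    verdicts.append(fw.verdict(ack))
    return verdicts


def simulate_ping():
    """Ping succeeds either way: each echo request is a fresh rule match."""
    fw = ConnTracker()
    return fw.verdict(Packet(CLIENT, ISERIES, "icmp"))


if __name__ == "__main__":
    print("symmetric :", simulate_handshake(True))    # NEW, ESTABLISHED, ESTABLISHED
    print("asymmetric:", simulate_handshake(False))   # NEW, INVALID
    print("ping      :", simulate_ping())             # NEW
```

The model matches the symptoms in the original post: ICMP and traceroute pass because each probe is matched as a new flow, while the first TCP connection is logged as invalid at the client's third packet. Pointing the client directly at x.x.x.19 removes the firewall from the path in both directions, which is why the connection then works, and why the separate iSeries-to-printer flow (initiated from the other side, with the client's host route irrelevant) is the next thing to capture.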