routing traffic over an alternate gateway (fixed VPN with other plant) without TRAFFIC_INVALID

Since our old WatchGuard firewall died, I've set up a Sophos XG firewall as a matter of test.

Next to our gateway x.x.x.1 we've got a Juniper SRX210 x.x.x.19 that functions as a VPN provider towards our mother firm.

I've defined the routing towards the VLANs as well as the zones of the VLANs in the mother firm and created a rule that allows the LAN to the zones in the mother firm.

Pinging, tracert, etc. all work fine. I'm able to reach the servers at the other end.

But when I'm trying to connect to the iSeries with a Client Access client for instance, I'm not getting a connection.

All I see is that the traffic is denied and with the packet capture thingy, I receive a "Traffic_invalid" error.

If I add a manual route on a client, using the x.x.x.19 as default Gateway, the connection works, but printing from the iSeries to a local printer doesn't...

Can anybody advise, please?

Thanks in advance for the effort

David.



This thread was automatically locked due to age.
  • Hi David,

    Thanks for choosing Sophos.

    "Traffic_invalid" error is reflected when the Firewall Rule to route the concerned traffic is not discovered by UTM.

    In such instances you need to configure a Firewall Rule.

    From the description I understand that iSeries is situated in the mother firm and the local printer is behind Sophos. Correct me if I am wrong here.

    I request you to use our Packet Capture facility and configure it to capture the traffic on iSeries IP Address (when you initiate a Print). PFA screenshot

    Have a look on "Reason" and "Status". If Rule is reflected as 0 then a Firewall Rule is missing.

    Provide me an output and we proceed further :)

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support
