

My XG Firewall is not routing between interfaces

Hi All,

I'm running Sophos XG home on Hyper-V and this is my current setup:

Two VMnics are connected to an internal vSwitch; the first VMnic has VLAN 2 tagged and the second has VLAN 3 tagged. The XG has two ports (interfaces), 192.168.2.254 and 192.168.3.254. There is nothing wrong with this; it's all about putting the right firewall rule in place.

Basically, if there is a computer in either of the networks, it can only communicate within its own network, not across the two networks.
I created two host objects for 192.168.2.0/24 and 192.168.3.0/24 and created a firewall rule, and they still won't communicate. I also tried the same firewall rule with ports or interfaces. I tried any source network and destination network, and none of them work.


I'm sure there is something blocking them, because I can see from the firewall logs that packets from one network to the other are denied. I unticked "Match known users" and it made no difference.
I tried this with Sophos UTM and had no routing issues as soon as a firewall rule was created to allow routing. Now I want to start using XG but can't get past this.


Can someone please help me?

  • Mohamed,

    On VLAN 2, are you able to ping the XG VLAN 2 interface? On VLAN 3, are you able to ping the XG VLAN 3 interface?

    Can you share your network configuration on XG and your firewall rule?

    Thanks

  • Yes, I am able to ping the interface IP between both, but not anything else in the network.


    Source Zones = LAN, Source Networks and Devices = network2 (192.168.2.0/24) During Scheduled Time = All the Time

    Destination Zones = LAN, Destination Networks = network3 (192.168.3.0/24), Services = Any

    Match known users not ticked

    Rewrite source address (Masquerading) and Use Gateway Specific Default NAT Policy are ticked


    I can see KB of traffic in this rule, so there is definitely something blocking the traffic.


    Network configuration:

    Port1 = LAN, Physical, Static IP 192.168.2.254/24

    Port2 = LAN, Physical, Static IP 192.168.3.254/24

  • Question: what is it you are trying to accomplish here? If you tagged the NICs, where did you tag them? Did you tag the interfaces on the Sophos?

    If you have a BPF setup, it should give you a reason the traffic is dropped. I'm not totally certain why you have the VLAN tagging, as at a routing level you don't usually use that unless both were hooked up to a similarly tagged switch to provide network access on different networks through the same switch. You'd also want to ensure that the switch port(s) in question are PVID'd and/or tagged, or whatever the switch vendor's nomenclature is, depending on what you're trying to accomplish.


    Cheers.
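    Added example (not from this thread, and not Sophos or Microsoft code) for answering the "where did you tag them?" question from the Hyper-V host: it lists each vNIC of the XG VM with its Hyper-V VLAN mode and flags anything that does not match the intended VLAN 2 / VLAN 3 split. The VM name SophosXG and the adapter order are assumptions. In Access mode the virtual switch adds and strips the 802.1Q tag itself, so the guest sees untagged frames, which is consistent with Port1 and Port2 being plain "Physical" interfaces on the XG.

```powershell
# Added example, not from the thread. Run on the Hyper-V host as an administrator.
# Assumption: the XG VM is named 'SophosXG'; change this to the real VM name.
$vmName = 'SophosXG'

# Assumption: intended VLAN per vNIC, in the order the adapters are listed
# (first vNIC -> VLAN 2, second vNIC -> VLAN 3, as described in the question).
$expectedVlans = @(2, 3)

$adapters = @(Get-VMNetworkAdapter -VMName $vmName)
$i = 0
foreach ($nic in $adapters) {
    $vlan = Get-VMNetworkAdapterVlan -VMNetworkAdapter $nic
    $expected = if ($i -lt $expectedVlans.Count) { $expectedVlans[$i] } else { $null }
    $i++

    # Access: the virtual switch tags/untags on behalf of the VM, the guest sees
    #         untagged frames on that port.
    # Untagged: no VLAN is applied, so both vNICs share one broadcast domain on
    #         the internal switch and the two "networks" are not isolated.
    # Trunk: the tag is passed into the guest, so XG would need VLAN interfaces.
    $status = switch ($vlan.OperationMode) {
        'Access'   { if ($vlan.AccessVlanId -eq $expected) { 'OK' } else { "MISMATCH (expected VLAN $expected)" } }
        'Untagged' { 'UNTAGGED - no VLAN isolation on this vNIC' }
        'Trunk'    { 'TRUNK - guest must tag; check XG VLAN interfaces' }
        default    { "Unhandled mode $($vlan.OperationMode)" }
    }

    [pscustomobject]@{
        Adapter    = $nic.Name
        Switch     = $nic.SwitchName
        Mode       = $vlan.OperationMode
        AccessVlan = $vlan.AccessVlanId
        NativeVlan = $vlan.NativeVlanId
        Allowed    = ($vlan.AllowedVlanIdList -join ',')
        Status     = $status
    }
}
```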

  • Hi Mohamed,


    This firewall rule worked for my home lab


    Thanks for your help