
My XG Firewall is not routing between interfaces

Hi All,

I'm running Sophos XG home on Hyper-V and this is my current setup:

Two VM NICs are connected to an internal vSwitch; the first VM NIC has VLAN 2 tagged and the second has VLAN 3 tagged. The XG has two ports or interfaces, 192.168.2.254 and 192.168.3.254. There is nothing wrong with this; it's all about putting in the right firewall rule.


Basically, if there is a computer in either of the networks, it can only communicate within its own network but not across the two networks.
I created two host objects for 192.168.2.0/24 and 192.168.3.0/24 and created a firewall rule, and they still won't communicate. I also tried the same firewall rule with ports or interfaces. I tried any source network and destination network, and none of them work.


I'm sure there is something blocking them because I can see from the firewall logs that packets from one network to the other are denied. I unticked "Match known users" and it makes no difference.
I tried this with Sophos UTM and had no routing issues as soon as a firewall rule was created to allow routing; now I want to start using XG but can't get past this.

 

Can someone please help me?



  • Mohamed,

    On VLAN 2, are you able to ping the XG VLAN 2 interface? On VLAN 3, are you able to ping the XG VLAN 3 interface?

    Can you share your network configuration on XG and your firewall rule?

    Thanks

  • Yes, I am able to ping the interface IP from both, but not anything else in the network.

     

    Source Zones = LAN, Source Networks and Devices = network2 (192.168.2.0/24) During Scheduled Time = All the Time

    Destination Zones = LAN, Destination Networks = network3 (192.168.3.0/24), Services = Any

    Match known users: not ticked

    Rewrite source address (Masquerading) and Use Gateway Specific default NAT Policy are ticked

     

    I can see kB of traffic on this rule, so there is definitely something blocking the traffic.

     

    Network configuration:

    Port1 = LAN, Physical, Static IP 192.168.2.254/24

    Port2 = LAN, Physical, Static IP 192.168.3.254/24
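As an added illustration, not part of this thread and not Sophos code, the following Python models the rule described in the post above as a first-match rule evaluator. It shows a point worth checking when two LAN subnets will not talk: a rule whose Source Networks is network2 and Destination Networks is network3 only matches sessions initiated from 192.168.2.0/24; a session that starts from a host on 192.168.3.0/24 finds no matching rule and falls through to the firewall's implicit default deny, which is what a "denied" entry in the log looks like. The `Rule` class, `evaluate` and `missing_directions` functions and the host addresses are constructed for the example; the poster also reports trying an any/any rule, so this check covers only one of the possible causes.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple, Union

Nets = Union[str, List[ipaddress.IPv4Network]]  # "any" or a list of networks


@dataclass
class Rule:
    """A simplified firewall rule: zones, networks and an action (constructed model)."""
    name: str
    src_zone: str      # "LAN", "WAN", ... or "any"
    src_nets: Nets
    dst_zone: str
    dst_nets: Nets
    action: str        # "accept" or "deny"


def _matches_nets(ip: ipaddress.IPv4Address, nets: Nets) -> bool:
    if nets == "any":
        return True
    return any(ip in net for net in nets)


def evaluate(rules: List[Rule], src_zone: str, src_ip: str,
             dst_zone: str, dst_ip: str) -> Tuple[Optional[str], str]:
    """Return (rule name, action) for the first matching rule.

    No match means the implicit default deny, which is what shows up
    as a denied packet in the firewall log.
    """
    src = ipaddress.ip_address(src_ip)
    dst = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if (rule.src_zone in ("any", src_zone)
                and rule.dst_zone in ("any", dst_zone)
                and _matches_nets(src, rule.src_nets)
                and _matches_nets(dst, rule.dst_nets)):
            return rule.name, rule.action
    return None, "deny (implicit default)"


def missing_directions(rules: List[Rule], zone: str,
                       net_a: str, net_b: str) -> List[str]:
    """List the initiation directions between two subnets that no accept rule covers.

    The first usable host of each subnet stands in for 'a host on that VLAN'.
    """
    a_host = str(next(ipaddress.ip_network(net_a).hosts()))
    b_host = str(next(ipaddress.ip_network(net_b).hosts()))
    gaps = []
    for label, s, d in ((f"{net_a} -> {net_b}", a_host, b_host),
                        (f"{net_b} -> {net_a}", b_host, a_host)):
        _, action = evaluate(rules, zone, s, zone, d)
        if action != "accept":
            gaps.append(label)
    return gaps


# The single rule as described in the post (Source Zone LAN, network2 -> network3).
NETWORK2 = ipaddress.ip_network("192.168.2.0/24")
NETWORK3 = ipaddress.ip_network("192.168.3.0/24")
POSTED_RULES = [
    Rule("LAN_2_to_3", "LAN", [NETWORK2], "LAN", [NETWORK3], "accept"),
]

if __name__ == "__main__":
    # Constructed sample hosts, one on each VLAN.
    print(evaluate(POSTED_RULES, "LAN", "192.168.2.10", "LAN", "192.168.3.10"))
    print(evaluate(POSTED_RULES, "LAN", "192.168.3.10", "LAN", "192.168.2.10"))
    print("directions with no accept rule:",
          missing_directions(POSTED_RULES, "LAN", "192.168.2.0/24", "192.168.3.0/24"))
```

Running it reports that 192.168.2.10 to 192.168.3.10 is accepted by `LAN_2_to_3` while the reverse initiation falls to the implicit deny, so a second rule (network3 to network2) or a single rule listing both networks on each side is needed before hosts on either VLAN can open connections to the other. Return traffic for an accepted session is handled by stateful inspection and needs no rule of its own, so this models only who may start a connection.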
