Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 4 replies
  • Subscribers 40 subscribers
  • Views 10766 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LAN to WAN Firewall Rule with Bridge configuration dont work correctly

TheBalmasque

Hello everybody,

i'am now testing the new version of XG Firewall v17 at home. So far i like the new system even there are a lot of changes compared to UTM9.

But now i got a problem when i try to setup a simple LAN to WAN rule. All devices connected to Port1 (LAN) should be able to access any destination:

Source (LAN) -> Service (Any) -> ALL

My problem is, that the devices can't get a DHCP allocated IP address. Only when i setup the following configuration everything works: 

Source (ALL) -> Service (Any) -> ALL

But thats not the configuration i want.

 

This is my home configuration:

I am a long time user of UTM9 at home and in the office. There was a possibility to configure the following setting:

Internal Network (192.168.178.0/24) -> Service (Any) -> Any

Is there a way i can configure the same on XG Firewall v17?



This thread was automatically locked due to age.
  • +1

    Hi,

    the XG uses a different thought process to the UTM for setup.

    Basically you need destination any, network any, source any, network any, allow , masq, gateway( not sure masq and gateway are required in bridge mode). That will give you basic access for all devices.

    From there you can tune the for Applications and web processes as well as IPS.

    DHCP will work with the above basic rule. Again there are functions that can provide static IP addresses and control which devices (IP address) can access the internet etc, clientless users.

     

    Ian

    Update, my post is in theory, I haven't tried bridge mode, there is a loss of functionality in bridge mode but the basic rule about should work. What box is handing out the IP addresses?

    XG115W - v20.0.3 MR-3 - on holiday

    XGS118 waiting for licence to installed - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Thank you very much for your response.

    I think the XG Firewall is also a stateful firewall like the UTM9. When i set the rule to "Source Any" does that mean access just for any internal interface? Or does it mean even from outside (external)? Because this would not be good for a firewall setup.^^

     

    Regarding your question: The "Fritz Box" is handeling the DHCP service. So i turned on a DHCP relay to this device.

  • 0 in reply to TheBalmasque

    Hello,

    Yes, when you select any in source zone it includes every zone on your XG firewall including your WAN zone.

    Regards, Ronak.

  • 0 in reply to Ronak Sheth

    Thank you very much for your help. [Y]

Unfiltered HTML