Sophos UTM 9.7 Not routing between interfaces

Ok, i'll try to help..

The configuration looks ok.

If you can ping 8.8.8.8 - routing/masquerading is OK

Are you able to ping/traceroute www.google.de and ftp.astaro.com

Do you enable Webprotection?

Open firewall-live-log ... you should see the connection attempts.

Check application control ... for some reason i have disabled HTTP already.

Which version do you use? With 9.703 there are packet forwarding problems possible.

Hi Dirk and thanks for the reply.

I can't ping www.google.de or any other website for that matter. But traceroute results from webadmin all seem to be fine. I will check application control and read up on the possible packet forwarding issues. I am using version 9.702. All else fails maybe best to try an older version/ Below screenshots of the traceroutes:

Hi Dirk and thanks for the reply.

I can't ping www.google.de or any other website for that matter. But traceroute results from webadmin all seem to be fine. I will check application control and read up on the possible packet forwarding issues. I am using version 9.702. All else fails maybe best to try an older version/ Below screenshots of the traceroutes:

On your client PC what do you see when you "nslookup" ?

Which DNS-server responds to your client computer? Also on this client computer can you show us the output of the "route print" command, especially for the 0.0.0.0 destination(s)

Hi apijnappels,

The nslookup to google.com unfortunately returns "unknown":

And for route print the output for 0.0.0.0 is:

Looks like IPv6 DNS-server is the culprit.

Your router may hand-out IPv6 addresses. Maybe you can configure the router not to do so but you can't always prevent the IPv6 DNS-server from being configured and if that's the case I believe disabling IPv6 on the client might be the only solution since IPv6 DNS-server has precedence over IPv4.

thanks for the suggestion. I tried disabling it on the client and on the laptop running the UTM but without success.

Whatever the problem is, should I not be seeing something in the firewall log file? The only drops I am seeing in the log fine are not for the times I am trying to connect (everything else is green), but in case the few drops shed some light here is one of them (all are similar):

2020:04:24-06:46:21 utm ulogd[4583]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcip="192.168.0.110" dstip="192.168.0.100" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"

No, you shouldn't see something ...

If DNS is not working, your Notebook don't know which IP it should connect to reach a webpage.

This webpage schould be reacheble with IP too http://52.19.29.214  (http://ftp.astaro.com)

Do you enable IPv6 for internal LAN?

Hi Dirk,

IPv6 is disabled on internal LAN.

I can browse to http://52.19.29.214

But cannot browse to http://ftp.astaro.com

UPDATE

I manually added 8.8.8.8 and 8.8.4.4 to the client DNS settings and the client is now working.

Sidenote: This has been troubling me for so long I keep making sure the client is definitely connect to the LAN, and WiFi is off.

Alfred

So i would check the DHCP-settings.

Servers configured here should be pushed to the client.

Feel free to post the DHCP-Server settings and ipconfig /all from client (without static DNS configured)

Hi Dirk,

You pointed me in the right direction. Finally all sorted and working perfectly through the AP.

If anyone struggles with similar setup as mine, the main configurations that were troublesome were the DNS as well as setting the Gateway in the AP (Gateway must be the UTM IP).

Thanks again, now to dig in and set recommended UTM security settings.

Alfred