
Strange VLAN Routing Issue

Hi All - 

I have an issue that I'm hoping will be simple.

I have 2 VLANs and I'm able to ping and view devices on the 2nd VLAN without specifically allowing the traffic with a firewall rule.  How is this possible?  If I run a trace route from the first VLAN to the 2nd I can see that the traffic is hitting the UTM interface first and I only have layer 2 switches in use.  What am I missing?

I even set up a deny rule and moved it to the top of the list and traffic is still allowed.

This thread was automatically locked due to age.
  • Hi.

    Without knowing your infrastructure in detail. 

    Please have a look at your configuration at "Network Protection -> Firewall -> ICMP". This could be activated there.

    Sophos Gold Partner
    4TISO GmbH, Germany
    If a post solves your question click the 'Verify Answer' link.
  • Possibly you globally allow ICMP?
    Please check Network-protection / Firewall / icmp.
    Post the setting if you are unsure...


    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Hey Scott - long time no see - welcome back!

    Thom and Dirk probably nailed it for you.  You might want to consult #2 in Rulz (last updated 2021-02-16) when you have similar issues in the future.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA