No Internet

Hey Don,

if Masquerading, DNS and so on is working correctly it could be a Firewall Rule issue. Since everything in your Pictures are Default Drops post a picture of your Firewall Rules please.

Regards

Jason

Hey Jason.  Thanks for the quick response.  Firewall rules are the canned ones generated by the wizard.

My WAN really isn't my WAN.  I have the UTM set up behind my gateway.  I turned DHCP off on the the UTM and I am using DHCP from my gateway router.  I thought that might be an issue, so I connected the UTM right behind my modem and got exactly the same results.  I thought that maybe there was a problem with one of the NIC's maybe only getting traffic one way, so I reinstalled and swapped the position of the cards in the interface (not physically) so that the traffic would run the other way.  Same symptoms.

Hi Don,

i also have alot of configs where the UTM is behind a gateway with DHCP but the WAN always uses are different IP Range, like this:

then u need a Masquerading Rule as well

I have the Net MASQ rule I think:

If I set a different subnet like that, will machines on both still be able to talk?  I guess it does not matter really, so long as I can get it to work.  In the end, I want this to be right behind my modem with all of my traffic running through it, but I have to get it going first before i take my entire network down.  But I am not certain that this will make a difference.  I had it set up right behind the modem already and the UTM box received my public IP address from my ISP, but I still was not able to get to the internet.  I will try again.

Hey Don,

well the only thing i see (its already late night here bit tired ;) ) is the same subnet for internal and external i never did that so i dont know the symptoms.

Because if Masquerading is translating IP Addresses into Public if both ranges are the same i dont know how this is supposed to work. I could be wrong tho

Regards

Jason

So, I changed the UTM Network IP range to be 192.168.2.0 and the webadmin access to 192.168.2.100 and I have the same issue.

A little more information.  I thought maybe reaching the internet from the same machine that I am accessing webadmin was not possible, so I turned on DHCP, connected a switch between the UTM and the webadmin machine.  Then I connected another machine and got an IP Address (192.168.2.101) but still no internet.  When I try to open a web page, I get a page generated by the UTM saying that the network is not available.

More fiddling.....I got a completely different box set up and ran through the installs - both the wizard and the install detailed here http://techbast.com/2015/03/perform-a-basic-configuration-sophos-utm-in-12-simple-steps.html and have the exact same results.  The firewall live log is solid red.  Both internal and external interfaces are showing traffic, but no internet.  Using Support > Tools > Ping Check I can ping 8.8.8.8 and google.com.  I can also ping the web admin address internally as well as machines that are on the internal network, but different subnet (Sophos box is 192.168.2.100 and everything else is 192.168.1.x), but all other external pings are 100% loss.

This has to be something silly that is being overlooked.  Why is the firewall dropping all traffic when it is set to Sources > Internal (Network), Services > Any, Destinations > Any?

Thanks in advance to anyone with any insight.

Don F.

Hello Don,

do you have a plan of your network with ports / Ips and Devices so we can see that visualy.

Regards

Jason

I have set it up both ways with the same results:

Hi,

Before my Friend Balfson joins i will take his part:

Please check #2 in Rulz : https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz

Regards

Jason

Hi,

Before my Friend Balfson joins i will take his part:

Please check #2 in Rulz : https://community.sophos.com/products/unified-threat-management/f/general-discussion/22065/rulz

Regards

Jason

I have read the rulz, but i am afraid that I do not understand what most of them are referring to:

#2

1. I do not know what the Connection Tracker is - still searching for an answer
2. country blocking is off - does it need to be on in order to not block?  i think the opposite is true
3. I have checked and unchecked the ICMP boxes in just about every conceivable combination with no perceivable changes
4. Intrusion Prevention has been enabled and disabled to no effect
5. I do not know what a DNAT is - i have Netmasq set up on Network Protection > NAT - probably not the same thing
6. VPN is off/not set up
7. proxies are off/not set up
8.  just have the one firewall rule that allows all internal via all services to reach all destinations
9. application control is off

Have I missed something in this rule set that is preventing access to the internet?

Hi,

1. They enable multiport protocols to work with the firewall or NAT rules. (See Network Protection / Firewall / Advanced - but should not do anything in your case)

2. No does not to be on

3. ICMP should not do anything if we are talking about internet access in general

4. If it is off it cant block anything

5. DNAT can move traffic based on the Destination.

6. Cant have any effect if it is off

7. Cant have any effect if it is off

8. More you dont need

9. Cant have any effect if it is off

So, ^^^^^^this guy^^^^^^^ is awesome and reflects great credit upon himself, his countrymen, his profession and this forum.  Thank you Jason Klein for all of your assistance.

Hi Don and welcome to the UTM Community!

Agreed with your observations!

Cheers - Bob