
Cannot Ping Other Subnet; Nothing in Logs

Hi, I know this has been posted many times but the answers I found are not working. I cannot ping a subnet on a different interface on my UTM. I can ping OTHER subnets, so something tells me it's a setting with this one in particular that's stopping it. The interface is the DMZ, though I'm using it more as a local testing network to set up a new gateway.

The logs say my pings are falling back to fwrule 60002 but I'm not sure why, as I have PING enabled from my LAN to the DMZ. After trying, I downloaded the IPS and Firewall logs and don't see anything even trying to go to the IP I'm attempting to ping. Is there some other place I should be looking?

I can, however, ping it from the UTM itself.



  • You would need to show us your subnets here for your LAN2 and DMZ.  My first guess is your subnets aren't matching, for example, one is /16 and the other is /18.

    PFSense Plus 23.05 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | Fiber Conn (awaiting ATT Fiber)
    (Former Sophos UTM Veteran, XG Rookie)

  • Hey Jeff,

    You don't need to include "DMZ (Address)" in the rule as that is included with "DMZ (Network)."  In addition to inserting a picture of the LAN2 and DMZ interface definitions as Amodin requests, also copy here one of the relevant 60002 lines from the firewall log.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks all. Got it working now. Yes, it was likely an IP conflict since my laptop was connected to the management port of the XGS (which is on the DMZ for testing purposes), I also had another connection to the LAN of the XGS, PLUS a wifi connection to my current LAN through the UTM (to which the XGS is also connected so I could test things). Once I disconnected my ethernet<->XGS, only leaving the Management Port active, ping worked.