
Putting clients on RED and LAN onto same network

Hi,

I want to put all clients at a remote site on the same LAN as the main site.

LAN1 <-> UTM 9.7 SG210 <-> Internet <-> RED 15 <-> LAN1

I have followed this article https://community.sophos.com/kb/en-us/115668

The clients at the remote site receive an IP address via DHCP, but don't seem to have connection to anything else.

In the firewall log I see packets from the client at the remote site are marked as Spoofed packets.

If I turn off spoof protection I get connectivity between sites, but not to the internet.

IPS and ATP logs show nothing.

Any ideas?



  • Hi  

    Please check the packetfilter.log (firewall log in GUI). Also, have you created a Masquerading rule for this LAN-RED network? 

    Regards

    Jaydeep

  • Hi 

    What am I looking for in the firewall log? I have found the spoofed packets as mentioned, I don't see anything else. 

    Cheers

     

  • Hi,

    Please show us those two lines from the full Firewall log file.  Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly.  Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.  If you prefer, obfuscate IPs like 84.XX.YY.121, 10.X.Y.100, 192.168.X.200 and 172.2X.Y.51.  That lets us see immediately which IPs are local and which are identical.

    Also, show a picture of the Edit of the Interface definition where reds# is bridged with eth#.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hi,

    Sophos tech support have said I need to bridge the RED 15 to the physical interface that is the gateway of the local LAN, eth0 in my case. 

    I have the RED 15 bridged to an unused interface (eth3), which gives me connectivity between sites but not to the internet connected to the local LAN. 

    I have not bridged to eth0 as I read this will remove all config from the interface. 

    The remote site is already connected via another WiFi bridge. The RED connection was to serve as a backup if the WiFi fails. I see a RED 50 is not going to help as that only adds the ability to add VLANs. Would a bridge between two UTMs be a better option here? 

     


    2020:01:24-09:56:27 septu ulogd[23687]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="br0" srcmac="" dstmac="f" srcip="192.168.X.100" dstip="192.168.X.14" proto="6" length="40" tos="0x00" prec="0x00" ttl="128" srcport="15088" dstport="445" tcpflags="ACK"

     

    Thanks
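The full packetfilter log line quoted above is a single space-separated record of key="value" fields, which is why Bob asks for it rather than the abbreviated Live Log view. The following is an added example (not code from the thread or from Sophos) that parses lines in that format, picks out the "IP spoofing drop" entries and tallies them by ingress interface and source IP, so the pattern behind a burst of drops is visible at a glance. The first sample line is the one quoted in the post; the remaining lines, the hostnames and the rule/id values other than 2005 are constructed placeholders in the same layout and are not taken from any real UTM.

```python
import re
from collections import Counter

# Constructed sample log. Line 1 is the spoofing-drop line quoted in the
# thread (IPs obfuscated as in the post). Lines 2-4 are made-up records in
# the same key="value" layout; their ids and rule numbers are placeholders.
SAMPLE_LOG = """\
2020:01:24-09:56:27 septu ulogd[23687]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="br0" srcmac="" dstmac="f" srcip="192.168.X.100" dstip="192.168.X.14" proto="6" length="40" tos="0x00" prec="0x00" ttl="128" srcport="15088" dstport="445" tcpflags="ACK"
2020:01:24-09:56:28 septu ulogd[23687]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="br0" srcmac="" dstmac="f" srcip="192.168.X.101" dstip="192.168.X.14" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
2020:01:24-09:56:29 septu ulogd[23687]: id="9001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.9" dstip="192.168.X.1" proto="6" length="60" tos="0x00" prec="0x00" ttl="52" srcport="44120" dstport="22" tcpflags="SYN"
2020:01:24-09:56:30 septu ulogd[23687]: id="9002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="1" initf="eth0" outitf="eth1" srcip="192.168.X.50" dstip="198.51.100.7" proto="6" length="52" tos="0x00" prec="0x00" ttl="127" srcport="51000" dstport="443" tcpflags="SYN"
"""

# Prefix: timestamp, host, process[pid]: then the field list.
LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<proc>\S+): (?P<fields>.*)$")
# Each field is key="value"; the value may be empty (e.g. srcmac="").
FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

PROTO_NAMES = {"1": "icmp", "6": "tcp", "17": "udp"}  # IANA protocol numbers


def parse_line(line):
    """Return a dict of the record's fields, or None if the line is not a record."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {"ts": m.group("ts"), "host": m.group("host"), "proc": m.group("proc")}
    rec.update(FIELD_RE.findall(m.group("fields")))
    return rec


def parse_log(text):
    """Parse every record in a packetfilter log body, skipping blank/unparseable lines."""
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]


def spoofing_drops(records):
    """Only the entries the UTM classified as spoofed."""
    return [r for r in records if r.get("name") == "IP spoofing drop"]


def summarize_spoofing(records):
    """Count spoofing drops per (ingress interface, source IP) pair.

    Many drops from one subnet on one interface point at an interface or
    bridge definition that does not own that subnet, rather than at a host.
    """
    counts = Counter()
    for r in spoofing_drops(records):
        counts[(r.get("initf", "?"), r.get("srcip", "?"))] += 1
    return counts


def describe(rec):
    """One-line human-readable rendering of a record for reading the log quickly."""
    proto = PROTO_NAMES.get(rec.get("proto", ""), rec.get("proto", "?"))
    flow = f"{rec.get('srcip')}:{rec.get('srcport', '-')} -> {rec.get('dstip')}:{rec.get('dstport', '-')}/{proto}"
    return f"{rec['ts']} {rec.get('action')} rule={rec.get('fwrule')} in={rec.get('initf')} {flow}"


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for r in spoofing_drops(recs):
        print(describe(r))
    for (itf, src), n in summarize_spoofing(recs).most_common():
        print(f"{n} spoofed packet(s) from {src} arriving on {itf}")
```

Reading the output for the quoted line: the client 192.168.X.100 entered on br0 and was dropped by spoof protection while trying to reach an SMB share (445/tcp), which matches the symptom in the thread that LAN traffic only flows once spoof protection is disabled.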

  • I have clients that use a RED tunnel as a backup, but it's not clear to me what your overall setup looks like.  I'm not comfortable making a recommendation outside of recommending that you get a strong UTM consultant to review your situation and your needs.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA