Below is a rough sketch of my network. VLANs have been set up by the ISP on their side. VLAN1 is for data, which means PCs on the left should communicate with those on the right and vice versa.
From the right I can only ping up to the Sophos, which is 10.10.1.1 (via static routes). Beyond that, I cannot ping. I hope to get the left side to get DHCP IP addresses from the left side.
I think we are getting somewhere.
Remember, the first issue was I couldn't ping internal resources behind the Sophos XG? Well, the solution was this:
Under Hosts and Services->, I created…
Take a look at this packet capture. I think it means something. I have tried to play with the Local_ACL but can't seem to get it right.
I think this can help.
Under Hosts and Services ->, I created two hosts: 1) The_Last_Network (a.k.a. the branch office network, 192.168.8.0) and 2) Our_Network (a.k.a. HQ, 10.10.1.0).
Then I created a firewall rule, basically:
LAN, Our_Network, Any Services
And voila, I could ping internal resources.
Problem 2 was to get DHCP to work.
So under Administration -> Device Access -> Local service ACL exception rule -> Add:
Source zone: LAN
Source Network/Host: TheLast_Network
Destination Host: HQ (10.10.1.1)
Services: All of them
After this I no longer get issues in the packet capture concerning ports 67 and 68, which is good, except my user PC is not receiving an IP address.
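Added example, not part of the thread or of Sophos XG itself: when the capture shows UDP 67/68 traffic reaching the firewall, the next thing to check is what the DHCP payload actually carries. Per RFC 2131, a DHCP server chooses the scope from the giaddr field when a relay agent has set it, and otherwise from the interface the packet arrived on; a client broadcast from a remote subnet that was not relayed has giaddr 0.0.0.0 and cannot be answered from that subnet's pool. The decoder below parses the BOOTP header and option list and reports that. The two DHCPDISCOVER packets it builds are constructed sample input (MAC and the 192.168.8.1 relay address are assumptions), not bytes from the poster's capture.

```python
"""Decode a DHCP/BOOTP payload (what tcpdump shows on UDP 67/68) and report
whether a request was relayed (giaddr set) or sent directly by the client.
Sample packets are constructed here; they are not from the thread's capture."""
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}


def parse_dhcp(payload: bytes) -> dict:
    """Parse the fixed 236-byte BOOTP header, the magic cookie and the options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    op, htype, hlen, hops, xid, secs, flags = struct.unpack("!BBBBIHH", payload[:12])
    # ciaddr, yiaddr, siaddr, giaddr follow the 12-byte prefix, 4 bytes each
    addrs = [socket.inet_ntoa(payload[o:o + 4]) for o in (12, 16, 20, 24)]
    options = {}
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 0:          # pad option, no length byte
            i += 1
            continue
        if code == 255:        # end option
            break
        length = payload[i + 1]
        options[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return {
        "op": "request" if op == 1 else "reply",
        "hops": hops,
        "xid": xid,
        "broadcast": bool(flags & 0x8000),
        "ciaddr": addrs[0], "yiaddr": addrs[1],
        "siaddr": addrs[2], "giaddr": addrs[3],
        "chaddr": ":".join(f"{b:02x}" for b in payload[28:28 + hlen]),
        "msg_type": MSG_TYPES.get(options.get(53, b"\x00")[0], "unknown"),
        "requested_ip": socket.inet_ntoa(options[50]) if 50 in options else None,
        "options": options,
    }


def relay_verdict(parsed: dict) -> str:
    """RFC 2131: the server picks the scope from giaddr when set, otherwise
    from the receiving interface. A non-relayed broadcast from another
    subnet therefore cannot get an address from that subnet's pool."""
    if parsed["op"] != "request":
        return "reply"
    if parsed["giaddr"] == "0.0.0.0":
        return "direct: served only from the receiving interface's scope"
    return f"relayed via {parsed['giaddr']}: served from that subnet's scope"


def build_discover(mac: bytes, giaddr: str = "0.0.0.0", xid: int = 0x1234ABCD) -> bytes:
    """Construct a minimal DHCPDISCOVER (sample input for this example only)."""
    relayed = giaddr != "0.0.0.0"
    hdr = struct.pack("!BBBBIHH", 1, 1, 6, 1 if relayed else 0, xid, 0, 0x8000)
    hdr += socket.inet_aton("0.0.0.0") * 3 + socket.inet_aton(giaddr)
    hdr += mac.ljust(16, b"\x00")        # chaddr, padded to 16 bytes
    hdr += b"\x00" * 64 + b"\x00" * 128  # sname, file
    opts = MAGIC_COOKIE + bytes([53, 1, 1]) + bytes([55, 3, 1, 3, 6]) + b"\xff"
    return hdr + opts


if __name__ == "__main__":
    mac = bytes.fromhex("001122334455")   # assumed client MAC
    for pkt in (build_discover(mac), build_discover(mac, giaddr="192.168.8.1")):
        p = parse_dhcp(pkt)
        print(p["msg_type"], p["chaddr"], "giaddr", p["giaddr"], "->", relay_verdict(p))
```

To feed a real capture through this, save the UDP payload bytes of one packet and pass them to parse_dhcp; the giaddr and hops fields tell you whether any device between the client and the firewall is relaying the request.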
Thank you for the screenshot!
Yes it means the XG was missing a rule to allow this traffic!
As for the issue with the DHCP, I don't think what you did is necessary, but what are you seeing now when you do a tcpdump?
Do you see the requests arriving to the XG?
Also, I don't understand the setup very well: you have a bridge with 10.10.1.1/24, but Port2 also has 10.10.1.10/8.
Below is the tcpdump screenshot; I think my Sophos is getting requests. As for the bridge, let me get back to you on that.
Thank you for the follow-up!
I will be waiting for your update.