
Sophos XG Interface Aliases Do Not Receive Traffic

I have installed Sophos XG SFOS 17.0.5 MR-5 on a PC. I have set up several DNAT Business Rules for the WAN interface's default IP address. However, none of the DNAT rules for the interface's alias receive traffic. I have followed the information included here: https://community.sophos.com/kb/en-us/126541, and checked tcpdump to see if the traffic even registers there, and it does not. I cannot figure out what the trouble could be. I have tried with the alias set up with the same netmask as the default WAN IP address, and with a /32 netmask, and neither worked. Any help would be appreciated.



  • Can you share some screenshots from your WAN interface with DNAT along with a firewall rule using the DNAT? I have this configuration and mine is working and showing traffic.


    -Ron

  • Ron,

    I appreciate the help. Here is what I have, which going by the guide I followed should be sufficient. External IP addresses redacted intentionally.


  • Hi Chris,

    If the traffic is not registered in tcpdump, that would mean either the ISP or your WAN router is blocking the request.

  • I would agree with that if I hadn't been using that address on the previous firewall I replaced with the new XG installation. No change was made from the ISP or the WAN modem between switching firewalls.

  • This isn't a solution, but it's the closest I have. I logged into the Comcast gateway modem, and looked up the connected devices table, and there were both of the WAN interfaces listed - the default and the alias. I noticed they had different MAC addresses, but I did not think of that as important, just a cursory mental note. I replaced the Sophos XG firewall with the old firewall just to see how it showed up in the modem's device table. It showed the same interfaces in the table. I also noticed that this firewall had given the alias the same MAC address as the default interface.

    I decided to check if I could set the alias on the Sophos XG to have the same MAC address as the default interface like the old firewall had. Obviously, this is not something the XG interface gives you the ability to do. 

    Not knowing anything else to do, I deleted both the business rule and the interface alias. I then recreated both the alias and the business rule. I looked back into the modem's connected devices table, and this time the alias had the same MAC address as the default interface. I tested the connection to the website, and it worked.

    I do not know if the MAC address of the alias being different from the default the first time was even the cause, nor can I fathom how it came to be different since the XG's interface does not give you the option to set the MAC address on an alias, or why it was set to be the same when it was recreated.

    I don't have an answer. I just hope this helps somebody who has a similar problem.
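The two checks the thread ends up relying on, whether tcpdump on the WAN port ever shows packets destined for the alias IP and whether the upstream gateway sees the alias behind the same MAC as the primary WAN address, can be scripted against saved output. The script below is an added example, not code from the original poster or from Sophos. It assumes `tcpdump -n` and `ip neigh`-style line formats, and every address, MAC, port and timestamp in it is constructed sample data (RFC 5737 documentation ranges), not captured from a real network.

```python
"""Offline checker for the two symptoms discussed in the thread:
1) does traffic for the WAN alias IP ever appear in tcpdump output, and
2) does the upstream router see the alias IP behind the same MAC as the primary WAN IP.
All input below is constructed sample data, not captured from a real network."""
import re
from collections import Counter

# Constructed `tcpdump -n` lines as if captured on the WAN port.
# Note: only the primary address (.10) ever appears as a destination here.
TCPDUMP_SAMPLE = """\
12:00:01.000001 IP 198.51.100.7.51000 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000500 IP 198.51.100.7.51001 > 203.0.113.10.443: Flags [S], seq 2, win 64240, length 0
12:00:02.000000 IP 198.51.100.9.40000 > 203.0.113.10.22: Flags [S], seq 3, win 64240, length 0
"""

# Constructed `ip neigh`-style lines as an upstream router might list the firewall's addresses.
# The alias (.11) is deliberately shown behind a different MAC, the situation the poster observed.
NEIGH_SAMPLE = """\
203.0.113.10 dev eth1 lladdr 02:00:00:aa:bb:01 REACHABLE
203.0.113.11 dev eth1 lladdr 02:00:00:aa:bb:02 REACHABLE
"""

PRIMARY_IP = "203.0.113.10"   # assumed primary WAN address (constructed)
ALIAS_IPS = ["203.0.113.11"]  # assumed alias address(es) (constructed)

# "IP <src>.<sport> > <dst>.<dport>:" as printed by tcpdump -n
TCPDUMP_RE = re.compile(r" IP (\S+?)\.(\d+) > (\S+?)\.(\d+): ")
# "<ip> dev <if> lladdr <mac>" as printed by ip neigh
NEIGH_RE = re.compile(r"^(\S+) dev \S+ lladdr ([0-9a-f:]{17})", re.I)


def count_inbound(tcpdump_text):
    """Count packets per destination IP in tcpdump -n output."""
    counts = Counter()
    for line in tcpdump_text.splitlines():
        m = TCPDUMP_RE.search(line)
        if m:
            counts[m.group(3)] += 1
    return counts


def missing_alias_traffic(tcpdump_text, alias_ips):
    """Return the alias IPs that never appear as a destination in the capture."""
    counts = count_inbound(tcpdump_text)
    return [ip for ip in alias_ips if counts[ip] == 0]


def parse_neigh(neigh_text):
    """Map IP -> MAC (lower-cased) from ip-neigh-style lines."""
    table = {}
    for line in neigh_text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table


def alias_mac_mismatches(neigh_text, primary_ip, alias_ips):
    """Return {alias_ip: mac} for aliases the router sees behind a MAC that
    differs from the primary address's MAC (None if the alias is absent)."""
    table = parse_neigh(neigh_text)
    primary_mac = table.get(primary_ip)
    return {ip: table.get(ip) for ip in alias_ips if table.get(ip) != primary_mac}


if __name__ == "__main__":
    print("alias IPs with no inbound packets:", missing_alias_traffic(TCPDUMP_SAMPLE, ALIAS_IPS))
    print("aliases behind a different MAC:", alias_mac_mismatches(NEIGH_SAMPLE, PRIMARY_IP, ALIAS_IPS))
```

On a real system the two sample strings would be replaced by the saved output of `tcpdump -n -i <wan-if>` on the firewall and the neighbour or connected-devices table from the gateway; an alias that shows up in the second check but never in the first matches the symptom described in the thread, and recreating the alias and its rule is the remedy the poster found.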