Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 2 replies
  • Answers 1 answer
  • Subscribers 27 subscribers
  • Views 3998 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Routing/Firewalling - two gateways on Head Office LAN segment

Dale Sayers

Hi all,

I've hunted through the forum but I am unable to find precisely what I am experiencing.  I think my issues is related to firewalling.

I have a network with two gateways.  One is a managed router controlling access to all of our remote sites.  The second router is the XG330.

I wish to set the XG330 as the default gateway for the local network and have it route traffic for our remote sites through the managed router on the LAN interface.

I cannot reconfigure the network to place the managed router behind the XG so I am stuck with this configuration.  I had a UTM9 (AG220) prior to purchasing the XG330 and this configuration worked.

I have been playing with the new router for the last few days and have managed to get it to publish some of our internal services to the internet but I cannot get it to allow traffic initiated from the remote sites.

However, if I ping a PC at the remote site and have the remote PC ping back the packets arrive at their destination from the remote PC.  Once I stop ping from my local segment after a short time the remote PC is unable to ping my PC again and receive request timed out.

Below is the Unicast Route configuration

Below is the Firewall Rule for LAN to MWAN traffic

Any suggestions welcome but I am unable to reconfigure the Managed Router so it has to stay as is.



This thread was automatically locked due to age.
Parents
  • +1

    Hi Dale,

    I suspect issue is Asymmetric routing, Your traffic from Local to remote must have traversed via Hostmachine>XG>Router(LAN)>Remote Site and the reply went from remote>Router(LAN)>Hostmachine.

    If that is the case configure bypass rule for remote network.

     

    Console>set advanced-firewall bypass-stateful-firewall-config add source_network 1.1.1.1 source_netmask 255.255.255.0 dest_network 2.2.2.2 dest_netmask 255.255.255.0

    Console>set advanced-firewall bypass-stateful-firewall-config add source_network 2.2.2.2  source_netmask 255.255.255.0 dest_network 1.1.1.1 dest_netmask 255.255.255.0

    Output:
    Set BypassFirewall Successfully Done.

    Regards,

    Aditya Patel
    Global Escalation Support Engineer | Sophos Technical Support
    Knowledge Base  |  @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Aditya Patel

    Absolutely spot on!  Fixed with your assistance!  Much appreciated.

Reply Children
No Data
Cookie Information Banner