Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 20310 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG - cant ping/access the hosts from outside

cengor

Hey guys,

 

i have an issue with accessing to one of our public ip+directed domains from outside. We have 2 ISP behind of XG and one of them is working without problem (Port 4). Other one (Port 2) is an ISP router and  interface set as DHCP. Somehow i can not ping/access to Port2.

 

I tried to find a solution online and did a few tests but was not successful. 

 

I will be so happy if you can help me to figure it out.

 

Cheers,

 

Cenk



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to cengor

    Cenk,

    Remove the alias IP 192.168.2.252 on your port 2 (WAN)

    That's an IP in the same range as your LAN range, but on your WAN side. That doesn't make sense!

  • 0 in reply to 2ServeErik

    Hey,

    Thanks a lot for the tip. Did it right away!

    Any suggeastion regarding my ping/access problem to public ip?

  • 0 in reply to cengor

    To ping your WAN IP, you need to go to System > Administration > Device Access > Local Service ACL. Here select Pin/Ping6 for WAN zone.

    I would only recommend to do that temporarily for troubleshooting.

    For your access problem: in rules 10, 9 (and maybe also 7) change source to WAN 192.168.3.101

    Good luck

  • 0 in reply to 2ServeErik

    I tried that also before but no success.

    And, why i should be able to ping my other ISP public ip which is on another router but cant ping the other one?

    I am really stuckedhere and hope for a help.

    Thanks

  • 0 in reply to cengor

    Cenk,

    For the ping problem: in the log viewer, add a filter "protocol is ICMP". Here you should be able to confirm if the ping-requests reach your Sophos XG or not. Don't forget that the ping-reply has to get back to your machine that sent the ping-request. Maybe that's blocked by the ISP router.

    You can also try a tracert / trace route command. Maybe it's a routing issue...

    Good luck

  • 0 in reply to 2ServeErik

    Hi,

    i can confirm that i see ICMP requests for my public ip which error message says "message="ICMP packets with invalid ICMP type/code."

    What is wondering me is that i can ping my public ip from my LAN without problem. Since we can see the ping requests at XG, can it be that XG is not answering to the requests because of one missing route or something?

    Thanks a lot guys!

  • 0 in reply to cengor

    Hi Cenk,

    You have 2 WAN interfaces. Are both set to Active? Both have the same weight? (Configure > Network > WAN Link Manager)

    Secondly, can you go to Monitor&Analyze > Tools > Traceroute and tracert 8.8.8.8 once via Interface 2 and then via Interface 4
    Can you paste a screenshot of both results? Or you can PM me the screenshots

    Thanks