This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting internet interface to work

Ive installed XG as a test and its working, BUT, I have two interfaces "Internal" and "Internet"

I can web browse via this now as a proxy server but its sending all the traffic out of my internal interface (and that then takes it via our network default route out same as any device)and out onto the network that way, not out of my dedicated internet interface I have added. Having used UTM this was easy to fix. But how do you do it on XG ? I have set the policy for WAN to be internet but the traffic still goes out of internal by default.

Im sure its an easy fix but how ?

This thread was automatically locked due to age.

Parents

0 S248 over 6 years ago

You need to put your internet interface into the WAN zone and set the default gateway there. Then put the internal interface into LAN zone.
Cancel
Vote Up 0 Vote Down

Cancel
0 DuncanNewell over 6 years ago in reply to S248

Hi,

Thanks for the reply's.

My Internet interface is in WAN zone. yes. It also has the correct default gateway.

For testing I have a basic any-any Firewall rule, using my selected Web Policy.

I read on another post you cant use WAN for Web Proxy, this is gray out on mine, is this why ? (https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/91049/web-proxy-from-wan)
Cancel
Vote Up 0 Vote Down

Cancel
0 LuCar Toni over 6 years ago in reply to DuncanNewell

Proxy on WAN Interface is not allowed.

Device Access is talking about, which Services could be used on which Port / interface.

And most likely you do not want to present a Proxy on your WAN interface, so XG is protecting you for releasing a Public facing HTTP Proxy.

WAN zone has the Default Gateway - And all Internet Traffic is still send through internal Interface?

Did you create a Policy based Routing or something like that?
Cancel
Vote Up 0 Vote Down

Cancel
0 DuncanNewell over 6 years ago in reply to LuCar Toni

Thanks for the reply, I think I didn't get how it worked but I understand this I think now.

Obviously all web proxy traffic comes from internal (therefore proxy needs enabling on that) then goes out of one of the WAN interfaces.

I built this from an ISO image so some rules were in place already to get it working I just had to set the web proxy policy stuff.

I'll have another play around with it today.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 DuncanNewell over 6 years ago in reply to LuCar Toni

Thanks for the reply, I think I didn't get how it worked but I understand this I think now.

Obviously all web proxy traffic comes from internal (therefore proxy needs enabling on that) then goes out of one of the WAN interfaces.

I built this from an ISO image so some rules were in place already to get it working I just had to set the web proxy policy stuff.

I'll have another play around with it today.
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data