Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 29 subscribers
  • Views 1137 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Getting internet interface to work

DuncanNewell

Ive installed XG as a test and its working, BUT, I have two interfaces "Internal" and "Internet" 

 

I can web browse via this now as a proxy server but its sending all the traffic out of my internal interface (and that then takes it via our network default route out same as any device)and out onto the network that way, not out of my dedicated internet interface I have added.  Having used UTM this was easy to fix.  But how do you do it on XG ? I have set the policy for WAN to be internet but the traffic still goes out of internal by default.

Im sure its an easy fix but how ?



This thread was automatically locked due to age.
Parents
  • 0

    You need to put your internet interface into the WAN zone and set the default gateway there. Then put the internal interface into LAN zone.

  • 0 in reply to S248

    Hi,

    Thanks for the reply's.

    My Internet interface is in WAN zone. yes.  It also has the correct default gateway.

    For testing I have a basic any-any Firewall rule, using my selected Web Policy.

    I read on another post you cant use WAN for Web Proxy, this is gray out on mine, is this why ? (https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/91049/web-proxy-from-wan)

    Thanks, Duncan

  • 0 in reply to DuncanNewell

    Proxy on WAN Interface is not allowed.

    Device Access is talking about, which Services could be used on which Port / interface.

    And most likely you do not want to present a Proxy on your WAN interface, so XG is protecting you for releasing a Public facing HTTP Proxy. 

     

    WAN zone has the Default Gateway - And all Internet Traffic is still send through internal Interface? 

    Did you create a Policy based Routing or something like that? 

    __________________________________________________________________________________________________________________

  • 0 in reply to LuCar Toni

    Thanks for the reply, I think I didn't get how it worked but I understand this I think now. 

    Obviously all web proxy traffic comes from internal (therefore proxy needs enabling on that) then goes out of one of the WAN interfaces.

    I built this from an ISO image so some rules were in place already to get it working I just had to set the web proxy policy stuff.

    I'll have another play around with it today.

    Thanks, Duncan

Reply
  • 0 in reply to LuCar Toni

    Thanks for the reply, I think I didn't get how it worked but I understand this I think now. 

    Obviously all web proxy traffic comes from internal (therefore proxy needs enabling on that) then goes out of one of the WAN interfaces.

    I built this from an ISO image so some rules were in place already to get it working I just had to set the web proxy policy stuff.

    I'll have another play around with it today.

    Thanks, Duncan

Children
No Data
Cookie Information Banner