
Traffic from XG to RED does pass through

We have a cluster of XGs (SFOS 17.5.8) and three RED15 (Pattern 2.0.018) in remote offices.
The three REDs are connected, there is a tunnel active, I can see DHCP addresses delivered to the LANs in the REDs networks.

All the Active Directory controllers are on the main LAN behind the XG, and computers in the RED networks have been successfully added to the domain.
The computers successfully get policies from the AD controllers.

There are firewall rules that allow Any/Any in both directions for the REDs networks.

Still, we are not able to either ping or access any device in the RED networks from the main network behind the XG.
The only devices that can be pinged are the REDs themselves.

Are we missing something?



  • Hello, here is the info; sorry for the late answer. Was on holiday :-)

    1. SSH route -n

    XG230_WP01_SFOS 17.5.8 MR-8# route -n

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.1.0.0        0.0.0.0         255.255.252.0   U     0      0        0 Port1
    10.1.200.0      0.0.0.0         255.255.255.0   U     0      0        0 tun0
    10.20.0.0       10.1.200.1      255.255.255.0   UG    0      0        0 tun0
    10.21.0.0       10.1.200.1      255.255.255.0   UG    0      0        0 tun0
    10.250.1.0      0.0.0.0         255.255.255.0   U     0      0        0 Tel_WLAN
    10.255.0.0      0.0.0.0         255.255.255.0   U     0      0        0 GuestAP
    192.168.4.0     0.0.0.0         255.255.255.0   U     0      0        0 Port3
    192.168.20.0    0.0.0.0         255.255.255.0   U     0      0        0 Port1.2
    192.168.30.0    0.0.0.0         255.255.255.0   U     0      0        0 Port1.3
    192.168.35.0    0.0.0.0         255.255.255.252 U     0      0        0 Port6
    192.168.40.0    0.0.0.0         255.255.255.0   U     0      0        0 Port1.4
    192.168.50.0    0.0.0.0         255.255.255.0   U     0      0        0 Port1.5
    192.168.127.0   0.0.0.0         255.255.255.0   U     0      0        0 reds1
    192.168.128.0   0.0.0.0         255.255.255.0   U     0      0        0 reds2
    192.168.129.0   0.0.0.0         255.255.255.0   U     0      0        0 reds3
    192.168.130.0   0.0.0.0         255.255.255.0   U     0      0        0 reds4
    213.61.207.24   0.0.0.0         255.255.255.248 U     0      0        0 Port2

    2. Will check as soon as a computer gets an IP address behind the REDs

    3. There are policies active in the AD that allow all traffic to the interfaces from all the domain networks. Policies are being read and executed on remote computers behind the REDs.

  • Thanks Alexander for your output. Did you follow all the steps defined here:

    https://community.sophos.com/kb/en-us/126454

    Also, are you able, from XG command line to ping a device behind the RED?

    Thanks