Firewall Policy misconfiguration

Hi All,

Please help me with this.

We have an HQ and many branches connected through leased lines. I'm using the firewall as the gateway for all clients inside the main office. I created a firewall policy and a static route for all branches. I can see all branches from HQ, but at the same time I couldn't see all clients inside the main office.

Note: We had a FortiGate in the same network and it was working fine, but after we bought Sophos this problem appeared, so I'm sure I configured everything very well, but maybe there is something wrong with my configuration or something I don't understand.

Thanks in advance

  • Hi,

    When you say you are able to see all branches from HQ, I assume you mean you are able to connect to/ping the branch devices on their LAN IPs from the XG.

    But I could not interpret what you mean when you say you couldn't see all clients inside the main office. Does that mean you're not able to reach clients from your branch offices? Because they would surely be available from your main office (HQ, I assume).

  • Hi Jaydeep,

    In my case, yes, I am able to see all branches from HQ (ping, remote, etc.), but from the other side (branches) I couldn't do the same thing: I'm not able to reach clients from any branch.

    I got an invalid traffic entry in the log file; I'm going to share it with you.

    Firewall
    Time: 2019-11-29 15:29:37
    Log comp: Invalid Traffic
    Action: Denied
    User name: -
    Firewall rule: 0
    In interface: -
    Out interface: -
    Src IP: 192.9.200.210
    Dst IP: 192.9.205.1
    Src port: -
    Dst port: -
    Protocol: ICMP
    Rule type: 0
    Message ID: 01001
    Live PCAP: -
    Message: ICMP packets with invalid ICMP type/code.
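As an added example (not code from either poster, and not a Sophos tool), here is a small Python triage script for records like the one quoted above. It reads a CSV export that uses the same column headings as the log viewer table in the thread, keeps the "Invalid Traffic"/"Denied" rows, counts them per source/destination/protocol/message ID pair, and flags any denied pair whose reverse direction was explicitly allowed. Only the first data row reproduces the quoted record; the other rows, the CSV layout itself, and the "Allowed" row with its rule number and interface names are constructed for the example. The reverse-direction check is a triage heuristic I am adding, not a conclusion the thread reaches: a flow denied as invalid in one direction while the opposite direction was permitted is worth checking for a return path that bypasses the firewall's session table.

```python
import csv
import io
from collections import Counter

# Constructed sample: a CSV export with the column headings of the log viewer
# table quoted in the thread. Only the first data row reproduces the quoted
# record; the remaining rows are made up to show grouping and the
# reverse-direction check. The "Allowed" row is invented (rule number,
# interface names and message text are placeholders, no Sophos message ID).
SAMPLE_CSV = """\
Time,Log comp,Action,User name,Firewall rule,In interface,Out interface,Src IP,Dst IP,Src port,Dst port,Protocol,Rule type,Message ID,Message
2019-11-29 15:29:37,Invalid Traffic,Denied,,0,,,192.9.200.210,192.9.205.1,,,ICMP,0,01001,ICMP packets with invalid ICMP type/code.
2019-11-29 15:29:39,Invalid Traffic,Denied,,0,,,192.9.200.210,192.9.205.1,,,ICMP,0,01001,ICMP packets with invalid ICMP type/code.
2019-11-29 15:30:02,Invalid Traffic,Denied,,0,,,192.9.200.211,192.9.205.1,,,ICMP,0,01001,ICMP packets with invalid ICMP type/code.
2019-11-29 15:30:10,Firewall rule,Allowed,,3,Port1,Port2,192.9.205.1,192.9.200.210,,,ICMP,1,,constructed: echo request permitted by rule 3
"""


def parse_log_export(text):
    """Parse a CSV export of the log viewer into a list of dict records."""
    return list(csv.DictReader(io.StringIO(text)))


def invalid_traffic_denials(records):
    """Keep only records the firewall dropped as invalid traffic."""
    return [r for r in records
            if r["Log comp"] == "Invalid Traffic" and r["Action"] == "Denied"]


def summarize_pairs(records):
    """Count denials per (src, dst, protocol, message id) so repeat
    offenders stand out. Message IDs are kept as strings to preserve
    the leading zero (e.g. "01001")."""
    return Counter((r["Src IP"], r["Dst IP"], r["Protocol"], r["Message ID"])
                   for r in records)


def reverse_allowed_pairs(records):
    """Heuristic triage (added interpretation, not from the thread): return
    the denied (src, dst, protocol) tuples for which an "Allowed" record
    exists in the opposite direction. Such a pattern suggests the firewall
    never saw the session the denied packets belong to, for example because
    the return path does not pass through it."""
    allowed = {(r["Src IP"], r["Dst IP"], r["Protocol"])
               for r in records if r["Action"] == "Allowed"}
    flagged = []
    for r in invalid_traffic_denials(records):
        key = (r["Src IP"], r["Dst IP"], r["Protocol"])
        reverse = (key[1], key[0], key[2])
        if reverse in allowed and key not in flagged:
            flagged.append(key)
    return flagged


if __name__ == "__main__":
    recs = parse_log_export(SAMPLE_CSV)
    for pair, n in summarize_pairs(invalid_traffic_denials(recs)).most_common():
        print(n, pair)
    print("denied pairs whose reverse direction was allowed:",
          reverse_allowed_pairs(recs))
```

Run it against a real export by replacing SAMPLE_CSV with the file contents; the grouping shows which hosts generate the 01001 denials, and any pair reported by reverse_allowed_pairs is a candidate for checking the routing of the return path rather than the firewall rule itself.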