This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

COMMUNICATION BETWEEN VLANs and INTERNET

Hi all, am using CR750iNG-XP (SFOS 17.5.9 MR-9) - the OS has been replaced with a SOPHOS OS, so it's SOPHOS XG FIREWALL- at my internet gateway. I also have a CISCO Catalyst Layer 3 (4507R-E)switch as the core switch on my LAN with other layer 2 cisco switches. I have setup VLANs on my CISCO core switch, inter-vlan routing was successful, communication between the vlans and the interface of the XG Firewall was also successful.But communication between vlans and the internet is giving me issues.Anyone with an idea should kindly help please. Thank you

This thread was automatically locked due to age.

Parents

0 lferrara over 5 years ago

Ezekiel,

can you clarify the issue you have? Did you create a default route on Cisco Layer 3 switch?

https://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/16448-default.html

ip route 0.0.0.0 "xg lan ip or the ip of the XG interface connected to Cisco Layer 3 device"
Cancel
Vote Up 0 Vote Down

Cancel
0 Ezekiel Dawal1 over 5 years ago in reply to lferrara

Hi Mr Iferrara

Thanks so much for your swift response

I have ran the default route as you recommended but am still not getting out into the internet from my LAN through the XG firewall

Any further assistance will be appreciated please

Thank you
Cancel
Vote Up 0 Vote Down

Cancel
0 lferrara over 5 years ago in reply to Ezekiel Dawal1

Are you able to ping XG lan interface from vlans?

Did you create a LAN to WAN where matching known users checkbox is disabled?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 lferrara over 5 years ago in reply to Ezekiel Dawal1

Are you able to ping XG lan interface from vlans?

Did you create a LAN to WAN where matching known users checkbox is disabled?

Thanks
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Ezekiel Dawal1 over 5 years ago in reply to lferrara

YES.I CREATED LAN TO WAN FIREWALL RULE TO ALLOW ACCESS TO THE INTERNET. I ALSO CREATED STATIC ROUTES FOR ALL THE VLANs ON SOPHOS XG.I WAS ABLE TO PING THE XG INTERFACE, BUT UNABLE TO GO OUT TO THE INTERNET.

I NEED FURTHER GUIDE TO GET THIS RIGHT PLEASE.

THANK YOU
Cancel
Vote Up 0 Vote Down

Cancel
0 jprusch over 5 years ago in reply to Ezekiel Dawal1

Hello Ezekiel,

you know that you have to do NAT/MASQerading on the gateway between private and public IP-networks?

That means a separate MASQ-Rule for every VLAN "inside" that should be able to reach ressources on the internet.

Mit freundlichem Gruß, best regards from Germany,

Philipp Rusch

New Vision GmbH, Germany
Sophos Silver-Partner

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Cancel
0 Resolution 24x7 over 5 years ago in reply to Ezekiel Dawal1

Hi Ezekiel,

1) Please share the snapshot of Network > Interface that shows entire interface configuration including VLAN's.

2) Snapshot of Routing > Static Route, where you have added static route

3) Get output of below command from the system :

cmd > tracert -d 103.23.140.55

Regards,
Resolution 24x7
Cancel
Vote Up 0 Vote Down

Cancel