Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 27 subscribers
  • Views 1896 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAN Can't connect to internet

Katie Mazanek

I have a Dell Optiplex 3020 with a dual NIC. I have successfully installed the Sophos XG Firewall software on to the desktop. I set the static IP on the LAN. I currently have the LAN port unplugged and I have the WAN port plugged in to my switch (I want to get the deviced programmed before placing it behind my modem)

I am able to ping the LAN IP on the network when only having the WAN port connected to my switch. To say that I am green when it comes to firewalls and networking is being generous, so please forgive me for my lack of knowledge and understanding. I have a great guide to set up the firewall....but I can find no help about my internet connection issue. 

So currently, LAN has a static IP, WAN is set to DHCP, WAN is plugged in to the switch on my flat network for programming and I receive this error: Failed to connect to internet, Failed to connect to registration service

I even placed it right behind my modem (modem to WAN) and plugged my laptop in to the LAN port on the firewall device and am still unable to get a connection to the internet and the registration service. 

Any advice?

 

     



This thread was automatically locked due to age.
Parents
  • 0

    Hello Katie,

    Thank you for contacting the Sophos Community!

    In order to check if the XG is getting an IP on the WAN interface, you need to SSH into the device for this you need to follow this KB don't worry about enabling SSH on the LAN by default it is on.

    Putty should look like this and you need to enter 172.16.16.16

    Once you SSH and enter the Admin user and Admin password, you need to press 5 followed by 3 to end up in the advanced shell.

    From here try running the following command:

    #ping 8.8.8.8

    Most likely it will give you an error, if it does run

    #ifconfig 

    You will get an output as the below but you need to focus on the Port2

    Port2 Link encap:Ethernet HWaddr 00:1A:8C:43:AE:69
    inet addr:200.200.200.200 Bcast:200.200.200.255 Mask:255.255.255.0
    inet6 addr: fe80::21a:8cff:fe43:ae69/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39479695 errors:0 dropped:0 overruns:0 frame:0
    TX packets:38366645 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:25003818671 (23.2 GiB) TX bytes:10380402512 (9.6 GiB)
    Memory:d0900000-d091ffff

    You need to chek the highlighet part and see what IP you are getting, if you see a 128.0.0.0 or 169.x.x.x then it means the XG is not getting an IP on the WAN interace.

    If it is getting an IP let us know which IP, it would depend on the IP received what to check next. 

    Regards,

     

Reply
  • 0

    Hello Katie,

    Thank you for contacting the Sophos Community!

    In order to check if the XG is getting an IP on the WAN interface, you need to SSH into the device for this you need to follow this KB don't worry about enabling SSH on the LAN by default it is on.

    Putty should look like this and you need to enter 172.16.16.16

    Once you SSH and enter the Admin user and Admin password, you need to press 5 followed by 3 to end up in the advanced shell.

    From here try running the following command:

    #ping 8.8.8.8

    Most likely it will give you an error, if it does run

    #ifconfig 

    You will get an output as the below but you need to focus on the Port2

    Port2 Link encap:Ethernet HWaddr 00:1A:8C:43:AE:69
    inet addr:200.200.200.200 Bcast:200.200.200.255 Mask:255.255.255.0
    inet6 addr: fe80::21a:8cff:fe43:ae69/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:39479695 errors:0 dropped:0 overruns:0 frame:0
    TX packets:38366645 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:25003818671 (23.2 GiB) TX bytes:10380402512 (9.6 GiB)
    Memory:d0900000-d091ffff

    You need to chek the highlighet part and see what IP you are getting, if you see a 128.0.0.0 or 169.x.x.x then it means the XG is not getting an IP on the WAN interace.

    If it is getting an IP let us know which IP, it would depend on the IP received what to check next. 

    Regards,

     

Children
  • 0 in reply to emmosophos

    So I tried to SSH to 172.16.16.16 but that failed

     

    I reviewed the WAN port in the GUI and it shows this:

    So I tried to SSH to the IP listed above and was able to connect.

    I tried to ping 8.8.8.8 and received this:

  • 0 in reply to Katie Mazanek

    Hello Katie,

    Thank you for the follow-up.

    In this case you would need to ping 172.16.12.1 and see if you get a reply, most likey you will get one.

    # ping 172.16.12.1

    IF you get one, then try running 

    # traceroute 8.8.8.8

    Basically this will tell you how far the XG can go, if the output looks like the below it means the XG can go beyond the device with IP 172.16.12.1, meaning it should have internet, but in your case, it doesn't look like it will, what is 172.16.12.1? is it a router or a modem? 

    XG115_XN02_SFOS 17.5.12 MR-12.HF062020.1# traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 46 byte packets
    1 207.216.41.193 (207.216.41.193) 0.998 ms 1.435 ms 0.870 ms
    2 154.11.2.81 (154.11.2.81) 3.768 ms 154.11.2.83 (154.11.2.83) 4.301 ms 4.463 ms
    3 209.85.174.62 (209.85.174.62) 3.929 ms 3.747 ms 3.735 ms
    4 * * *
    5 dns.google (8.8.8.8) 4.458 ms 4.941 ms 4.681 ms

    Try running the same command from your Laptop (if it is a windows computer you need tracert 8.8.8.8) and see what output you get. 

    And what happens if you skip your switch and connect directly the XG to the modem? what IP you get? and do the output of the commands change?

    Regards,

     

  • 0 in reply to emmosophos

    So I tried this today and I cannot SSH in at all. I can't ping 172.16.12.116 on the network and the WAN port settings shows that it is in DHCP but shows no IP address today

     

  • 0 in reply to Katie Mazanek

    Hi Katie,

    If you plug your PC into the switch what IP address does it receive.

    Is the switch configured to automatically negotiate connection speed and full/half duplex? Please check that the cable is okay.

    Ian

  • 0 in reply to rfcat_vk

    See my config when I plug the laptop in to the same port with the same cable below

    I am able to access the internet with no issue from my laptop when plugged in

    Second screenshot is the port settings on the switch that I have the WAN port plugged in to 

  • 0 in reply to Katie Mazanek

    Hello Katie,

    Did you configure your Laptop for DHCP when you plugged this to the switch? Is the switch the one working as a DHCP server? can you check the leases on the switch?

    Regards,