Hello Sophos Community,
I am experiencing the following problem:
I am trying to configure the firewall so that it forwards a lot of requests unfiltered to two CMTS devices via static routing.
The CMTS devices are directly connected to the Sophos and have their own zone:
The CMTS devices have the IP addresses 10.3.0.2 and 10.4.0.2 respectively.
Any traffic that has one of the several networks handled by the CMTS devices as a destination is supposed to get routed directly to them via static routing:
There is also a static routing of two external IP addresses to an internal XG Firewall behind the LAN interface, providing internet to the actual internal network, which works fine.
Last night I tested the connections and got the expected amount of incoming requests, but the firewall log always showed that the default drop Rule 0 was chosen with the note "Could not associate packet to any connection".
I did experiment a bit with several firewall rules, but none seemed to get used:
One that specified the destination IP as one of the ones that should get routed to the CMTS devices
One that specified the destination IP as one of the two actual CMTS devices
And one that specified the destination zone as the CMTS zone
I even tried a complete wildcard rule ("any" in every possible specification) and still the firewall log showed the traffic as dropped with the same note.
All of these rules had all security features deactivated.
Right now the same setup runs on an old Sophos UTM that is to be replaced by this XG Firewall.
Do you have any advice on how to proceed further?