Hello,
I have this configuration:
Internet ---> Mikrotik RB450G router ----> Sophos XG firewall SFVH (SFOS 18.0.3 MR-3) ----> LAN
RB450G is at 192.168.20.1
Sophos XG firewall is at 192.168.20.12
Some of the devices in LAN use Sophos XG firewall as gateway at 192.168.20.12, while other use gateway at 192.168.20.1 (RB450G).
There is a problem with ping from RB450G to the devices behind Sophos XG firewall. RG450G does not receive answer and reports timeout. The devices that use RB450G as gateway are visible by ping command from RB450G.
The log reports that Sophos XG firewall denies ICMP. My question is how to enable ICMP protocol?
Sample message (192.168.20.53 uses Sophos XG firewall as gateway ):
messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.20.53" src_country="" dst_ip="84.22.2.25" dst_country="BGR" protocol="ICMP" icmp_type="0" icmp_code="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="ICMP packets with invalid ICMP type/code." appresolvedby="Signature" app_is_cloud="0"
I have this configuration:
Internet ---> Mikrotik RB450G router ----> Sophos XG firewall SFVH (SFOS 18.0.3 MR-3) ----> LAN
RB450G is at 192.168.20.1
Sophos XG firewall is at 192.168.20.12
Some of the devices in LAN use Sophos XG firewall as gateway at 192.168.20.12, while other use gateway at 192.168.20.1 (RB450G).
There is a problem with ping from RB450G to the devices behind Sophos XG firewall. RG450G does not receive answer and reports timeout. The devices that use RB450G as gateway are visible by ping command from RB450G.
The log reports that Sophos XG firewall denies ICMP. My question is how to enable ICMP protocol?
Sample message (192.168.20.53 uses Sophos XG firewall as gateway ):
messageid="01001" log_type="Firewall" log_component="Invalid Traffic" log_subtype="Denied" status="Deny" con_duration="0" fw_rule_id="N/A" nat_rule_id="0" policy_type="0" user="" user_group="" web_policy_id="0" ips_policy_id="0" appfilter_policy_id="0" app_name="" app_risk="0" app_technology="" app_category="" vlan_id="" ether_type="IPv4 (0x0800)" bridge_name="" bridge_display_name="" in_interface="" in_display_interface="" out_interface="" out_display_interface="" src_mac="" dst_mac="" src_ip="192.168.20.53" src_country="" dst_ip="84.22.2.25" dst_country="BGR" protocol="ICMP" icmp_type="0" icmp_code="0" packets_sent="0" packets_received="0" bytes_sent="0" bytes_received="0" src_trans_ip="" src_trans_port="0" dst_trans_ip="" dst_trans_port="0" src_zone_type="" src_zone="" dst_zone_type="" dst_zone="" con_direction="" con_id="" virt_con_id="" hb_status="No Heartbeat" message="ICMP packets with invalid ICMP type/code." appresolvedby="Signature" app_is_cloud="0"
This thread was automatically locked due to age.
