Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 28 subscribers
  • Views 346 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Help Moving from UTM To XG

Peter Evans

Hi, i'm after some help. I 'm moving from UTM to XG.

I have it mostly working, my setup is

Fibre Modem --> XG --> Unifi USG --> LAN

On my XG i have WAN port, LAN port and Mgmt Port

Any device that is in the same subnet as the mgmt port is able to access the internet

All otrher devices in a different subnet are not able to access the internet.

On the XG i have setup static unicast route

Subnet 1 - Interface LAN port cost 1

Subnet 2 - Interface LAN Port cost 1

Subent 3 - Interface LAN port cost 1

Routing table on the XG shows

Subnet 1 - Port 1 (mgmt)

Subnet 2 - Port 3 (LAN)

Subnet 3 - Port 3 (LAN)

It looks like any device on subnet 1 gets a route out via the mgmt port, however doing a tracert shows that devices on subnet 1 go usg --> xg lan --> internet



This thread was automatically locked due to age.
  • 0

    Hi,

    sounds like you haven’t added any firewall rules and are using the default one created at installation time?
    what functions have you created on the XG?
    ian

  • 0

    for now i have created a rule. basically any - any - any just for testing.

    I can confirm that works as i can access the internet on one of my subnets. Under Current connections i can see devices from all subnets being listed.

    I'm thinking its a routing issue.

    Ive i go to diagnostic and try ping.

    I can ping subnet 1 if i select interface Mgmt

    I cant ping any other subnet on LAN or Mgmt interface

    wondering if i need to setup ospf

  • +1 in reply to Peter Evans

    found my issue. on the sophos xg under static routes i entered the wrong gateway IP address. the gateway IP should be the IP of the WAN interface on my USG which sends all traffic destined for my LAN subnets back to the USG.