Routing between two internal networks

Hi there,

I have two internal LAN networks on two ports. (Ports 1 & 4)

I have an internal LAN-LAN rule with all filtering/scanning disabled. Logs show all traffic to the 192.168.100.0 network is allowed.

From PCs on the 192.168.1.0 network I can ping 192.168.100.250 but not machines in the 192.168.100.0 network.

Would greatly appreciate any help with this.

Thanks



This thread was automatically locked due to age.
  • Hello there,

    Thank you for contacting the Sophos Community.

    If you do a drop-packet Capture on the console of the XG (Press 5>4 when SSH into the XG), do you see any packets being dropped?

    console > drop-packet-capture host '192.168.100.x' (substitute the X for the IP of the computer network you’re trying to Ping)

    Additionally, if you don't really need the bridge, I would recommend you get rid of it, as I only see Port1 being used. If you need it, make sure routing is enabled in the bridge.

    Also if you have any SD_WAN policy, make sure the precedence is set to:

    static, sdwan_policyroute VPN

    You can check by running this command in the console:

    console> system route_precedence show 

     Also as rfcat_vk mentioned, make sure the Source Networks and Destination Networks are /24 ranges 

    Regards,

  • Hi, I get this error when I try the drop packet command.

    There are no SD_WAN policies, just the defaults.

    I'll give removing the bridge a try.

    Thanks

  • FormerMember in reply to Ben Su

    Assuming you're able to ping machines in the 192.168.100.0/24 network directly from the XG firewall (Diagnostics > Tools > Ping).

    You can check the packet flow in CLI using the below command.

    ==> Login to SSH > 4. Device Console

    console> tcpdump 'host <destination_IP> and proto ICMP'

    e.g. console> tcpdump 'host 192.168.100.20 and proto ICMP'

    ==> To check dropped packets,

    console> drop-packet-capture 'host 192.168.100.20 and proto ICMP'

    Request to share session output here or via PM.

    For testing, try to link a NAT rule with a Translated source (SNAT) as MASQ.

    Let me know if you've any queries.
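An added example, not part of the original thread: a small Python helper that reads tcpdump output captured with the ICMP filter above and reports at which hop a ping from one LAN to the other stops. The sample lines are constructed, and the `PortN, IN:` / `PortN, OUT:` line prefix and the `diagnose` helper are assumptions made for illustration.

```python
import re

# Constructed capture (not from the thread): requests enter on Port1 and
# leave on Port4, but no echo reply ever comes back from the target.
SAMPLE = """\
10:12:01.100001 Port1, IN: IP 192.168.1.10 > 192.168.100.20: ICMP echo request, id 1, seq 1, length 40
10:12:01.100090 Port4, OUT: IP 192.168.1.10 > 192.168.100.20: ICMP echo request, id 1, seq 1, length 40
10:12:02.100001 Port1, IN: IP 192.168.1.10 > 192.168.100.20: ICMP echo request, id 1, seq 2, length 40
10:12:02.100090 Port4, OUT: IP 192.168.1.10 > 192.168.100.20: ICMP echo request, id 1, seq 2, length 40
"""

# Assumed line layout: "<time> <port>, IN|OUT: IP <src> > <dst>: ICMP echo ..."
LINE = re.compile(
    r"(?P<port>\S+), (?P<dir>IN|OUT): IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply)"
)

def diagnose(capture, client, target):
    """Return a verdict on where pings from client to target stop."""
    seen = set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # ignore non-ICMP or unparseable lines
        if m["kind"] == "request" and (m["src"], m["dst"]) == (client, target):
            seen.add("req_" + m["dir"].lower())
        elif m["kind"] == "reply" and (m["src"], m["dst"]) == (target, client):
            seen.add("rep_" + m["dir"].lower())
    if "req_in" not in seen:
        return "request never reached the firewall: check the client's gateway"
    if "req_out" not in seen:
        return "request not forwarded: check drop-packet-capture, rule and routes"
    if "rep_in" not in seen:
        # A target without a route back to the client's subnet looks like this;
        # the SNAT/MASQ test hides the client subnet from the target.
        return "forwarded but no reply: check the target's firewall and gateway"
    if "rep_out" not in seen:
        return "reply reached the firewall but was not forwarded back"
    return "round trip complete through the firewall"

if __name__ == "__main__":
    print(diagnose(SAMPLE, "192.168.1.10", "192.168.100.20"))
```

If the verdict changes to a complete round trip once the MASQ test rule is linked, the target host has no return route to the 192.168.1.0 network through the firewall.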

  • Hi, Thanks for your reply.

    This discussion can be closed. Issue was caused by 3rd Party.