Add a subnet to lan zone

Hello,

I have a Wi-Fi AP hosting some networks, and I would like them to reach my XG firewall un-NATed.

I wasn't able to find how to add subnets to the LAN zone.

The static route is set and pings are fine. But when I try to route outgoing packets to the WAN, there is a redirect to the authentication page, but the page never appears.

So I guess the firewall is not able to identify those subnets, and doesn't allow authentication.

What is the best way to solve this?

Thanks for your help



  • FormerMember

    Hi

    Thanks for reaching out, and welcome to the Sophos Community! 

    What is the firmware version on your firewall? Did you configure "match known users" and "use web authentication for unknown users" on the LAN to WAN firewall rule? 

    Can you share the screenshot of that redirected authentication link? 

    Thanks,

  • Hello Harsh,

    Thanks for your reply.

    I'm using SFOS 18.0.4 MR-4

    Yes, I've configured "match known users" + "use web authentication for unknown users" on the LAN to WAN rule.

    When I try to open a URL like yahoo.de, it is redirected to a URL starting with my firewall name:
    https://MY_FW:8091/ntlmauth.html?2yahoo.de/

    I wasn't able to find anything in the log.

    Best Regards

  • FormerMember in reply to Nicolas HORCHOWER

    Hi,

    Did you configure a LAN to WAN rule with the DNS service on top of the user identity-based rule? 

    Check out the following KBA for more info: 

    Thanks,

  • Done, but it doesn't solve my issue.

    My DNS is internal. I also tried replacing the firewall FQDN with its IP: same result.

    I'm not able to reach either the admin page or the user page on the FW.

    I can ping it.

    I'm not able to connect via SSH (with the IP address or the FQDN).

    I see the web traffic caught in the log, but no feedback about the portal.

    That's why I was trying to find a way to add my other subnets to the portal.

    BTW, local LAN traffic is fine, and if I masquerade my traffic it is OK too (but I can't leave the traffic masqueraded).

    Any idea how to get a better log of the firewall's local interface or service?

    Thanks
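As an added example for this thread (not Sophos code and not posted by either participant): a small Python probe that takes the captive-portal redirect URL quoted above, pulls out the portal host, port and the site that was originally requested, and then attempts a TCP handshake to each of the firewall's local services from a client on the routed subnet. That turns "ping works but the portal never loads, and SSH fails too" into a per-port answer: a completed handshake, a reset (host answers, nothing listening) or silence. The SFOS default ports (8091, 4444, 443, 22) and the `MY_FW` placeholder are assumptions, and the handling of the leading digit in `?2yahoo.de/` is inferred from that single sample.

```python
"""Probe the SFOS local services the poster cannot reach from the routed subnet.

Added example for this thread; not Sophos code. Given a captive-portal
redirect such as the one posted (https://MY_FW:8091/ntlmauth.html?2yahoo.de/),
it parses out the portal host, port and the originally requested site, then
attempts a TCP handshake to each of the firewall's local services from the
client. Port numbers are the SFOS defaults assumed here; MY_FW is the
thread's placeholder for the firewall hostname.
"""
import socket
import sys
from urllib.parse import urlsplit

# Constructed sample: the redirect URL quoted in the thread.
SAMPLE_REDIRECT = "https://MY_FW:8091/ntlmauth.html?2yahoo.de/"

# Default SFOS local-service ports (assumed defaults; adjust if changed).
LOCAL_SERVICES = {
    "captive portal (HTTPS)": 8091,
    "admin console (HTTPS)": 4444,
    "user portal (HTTPS)": 443,
    "SSH": 22,
}


def parse_captive_redirect(url):
    """Return (portal_host, portal_port, requested_site) from a redirect URL.

    urlsplit() lowercases the hostname, so MY_FW comes back as "my_fw".
    In the poster's sample the query is "2yahoo.de/": the requested site
    carries a single leading digit, which is stripped here (an assumption
    about the format, based only on that one sample).
    """
    parts = urlsplit(url)
    host = parts.hostname
    port = parts.port or (443 if parts.scheme == "https" else 80)
    site = parts.query
    if site[:1].isdigit():
        site = site[1:]
    return host, port, site.rstrip("/")


def probe_tcp(host, port, timeout=3.0):
    """Attempt a TCP handshake and classify the outcome.

    "open"    - SYN/ACK came back and the connection completed
    "refused" - the host answered with RST: reachable, nothing listening
    "timeout" - no answer at all: the SYN was dropped on the way in, or the
                SYN/ACK had no route back to this client. ICMP echo can
                still succeed in that situation, which is why the per-port
                TCP view adds information that ping alone does not.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "timeout"
    except OSError as exc:  # e.g. DNS failure for the FQDN, no route to host
        return "error:%s" % (exc.strerror or exc)


def probe_local_services(host, services, timeout=3.0):
    """Run probe_tcp against each named service; returns {name: outcome}."""
    return {name: probe_tcp(host, port, timeout) for name, port in services.items()}


def classify(results):
    """Collapse per-port outcomes into one verdict for the operator."""
    states = set(results.values())
    if states == {"open"}:
        return "all-reachable"
    if "open" in states:
        return "partial"
    if "refused" in states:
        return "host-answers-but-closed"
    if "timeout" in states:
        # No TCP reply from any local service while ICMP works: look at
        # device access for this zone and at the return route for the subnet.
        return "no-tcp-reply"
    return "error"


if __name__ == "__main__":
    url = sys.argv[1] if len(sys.argv) > 1 else SAMPLE_REDIRECT
    host, port, site = parse_captive_redirect(url)
    print("portal host=%s port=%d, requested site=%s" % (host, port, site))
    services = dict(LOCAL_SERVICES)
    services["captive portal (from redirect)"] = port
    results = probe_local_services(host, services)
    for name, outcome in results.items():
        print("  %-32s %s" % (name, outcome))
    print("verdict:", classify(results))
```

Run it from a host on the non-NATed Wi-Fi subnet, once with the redirect exactly as the browser shows it and once with the firewall's IP substituted for the FQDN; a difference between the two runs points at name resolution, the same result in both points at the path or at what the firewall accepts from that zone. Every port reporting `timeout` while ping succeeds means the TCP exchange with the firewall's own services is not completing from that subnet, which is a different question from whether the LAN to WAN rule is configured correctly.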
