Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 3 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 1214 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Subnets in LAN Zone

Fernando Fikfak

Hello.

Our network topology is like this:

VLAN 172.16.100.0/24 ------------ Layer 3 switch ------- VLAN 172.16.10.0/24 -------- Sophos LAN Port1 172.16.10.1

Everything work fine in VLAN 172.16.10.0/24 everybody can connect to web proxy TCP/3128, but the VLANS behind Layer 3 Switch can't connect, when I test the policy I get a DENIED ACCCESS, but any PC conected to VLAN 172.16.100.0/24 can PING Sophos 172.16.10.1

I can't find where to add VLAN 172.16.100.0/24 as part of LAN ZONE.

Thanks in advance!



This thread was automatically locked due to age.
Parents
  • 0

    We used to run something similar with two subnets on different VLANs behind the switch.

    The fact you can ping 172.16.10.1 from the 172.16.100.0/24 subnet (it's a subnet not a VLAN, they may well be on different VLANS but you are talking about a subnet Slight smile) indicates that the routing has been setup correctly. I would suspect there is something wrong with your firewall rules. As carbon15 has said, if the traffic is coming in on Port1 then it will be identified as being in the LAN zone whatever subnet it is in.

Reply
  • 0

    We used to run something similar with two subnets on different VLANs behind the switch.

    The fact you can ping 172.16.10.1 from the 172.16.100.0/24 subnet (it's a subnet not a VLAN, they may well be on different VLANS but you are talking about a subnet Slight smile) indicates that the routing has been setup correctly. I would suspect there is something wrong with your firewall rules. As carbon15 has said, if the traffic is coming in on Port1 then it will be identified as being in the LAN zone whatever subnet it is in.

Children
No Data