
Routing - Troubleshooting

My XG FW network is 192.168.210.x.  I have connected to it a non-XG wireless AP (Velop) that is on a separate network 192.168.1.x.

I've added a static route which forwards any traffic destined to the 192.168.1.x network via its gateway of 192.168.1.1.

I am successfully able to ping, trace route and perform a route look up on any wireless client from the Diagnostics page of the XG.

I am able to ping any device on the XG firewall from the Velop wireless system.

However, when I try to ping or access a wireless client (192.168.1.x) from the XG network (192.168.210.x), I am unable to.

Any ideas?  How could I troubleshoot this further from the XG Firewall?

Thanks



  • Thanks for the help everyone.

    So, I added a FW rule and that enabled me to ping the devices on the wireless network. But I am still unable to access them with any application or web browser.

    The rule allows ANY service to ANY service.

    I created an ALLOW ANY ANY rule and still can't access the devices.

    I am not seeing anything being blocked in the logs, in fact I see traffic allowed and to the specific ports.

    I am thinking it may be on the Velop system but the FW is off.

    Kerry

  • More information:

    I flipped on the 'invalid traffic' log and found that most of the traffic going to and coming from the wireless network (192.168.1.x) is being tagged as 'invalid traffic'. However, some traffic is allowed.

    I am also getting the message 'Could not associate packet to any connection'.

    Here are a couple of log entries:

    Status    NAT rule    Message    Message ID    Rule type    Live PCAP    Src IP    Src port    Dst IP    Dst port    In interface     Out interface     Protocol
    Allow    0        1    1    Open PCAP    192.168.210.250    51028    192.168.1.12     37777    Port1    Port1    TCP
    Allow    0        1    1    Open PCAP    192.168.210.250    50737    192.168.1.12     37777    Port1    Port1    TCP
    Deny    0    Could not associate packet to any connection.    1001    0    Open PCAP    192.168.1.12     49825    17.57.144.133    5223            TCP
    Allow    0        1    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1    Port1    TCP
    Deny    0    Invalid packet.    1001    0    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1        TCP
    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
    2021-06-03 20:29:59    Invalid Traffic    Denied    23    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
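
One way to triage a log excerpt like the one above, as an added example that is not part of the original thread: the Python below groups the rows by flow and reports flows that were allowed and then denied as invalid, flows denied without ever being allowed, and allowed flows that enter and leave on the same interface. The function names and the row-matching regex are assumptions based only on the columns shown in the post; the sample rows are copied from it.

```python
import re
from collections import defaultdict

# Rows copied from the log excerpt in the post above (columns as in its header).
SAMPLE = """\
Allow    0        1    1    Open PCAP    192.168.210.250    51028    192.168.1.12     37777    Port1    Port1    TCP
Deny    0    Could not associate packet to any connection.    1001    0    Open PCAP    192.168.1.12     49825    17.57.144.133    5223            TCP
Allow    0        1    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1    Port1    TCP
Deny    0    Invalid packet.    1001    0    Open PCAP    192.168.210.250    64769    192.168.1.12     80    Port1        TCP
Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
2021-06-03 20:29:59    Invalid Traffic    Denied    23    Deny    0    Invalid TCP state.    1001    1    Open PCAP    192.168.210.250    64769    192.168.1.12     80            TCP
"""

# Assumed row shape: Status, NAT rule, optional message, message ID, rule type,
# "Open PCAP", 4-tuple, zero to two interface names, protocol.
ROW = re.compile(
    r"\b(?P<status>Allow|Deny)\s+\d+\s+(?P<msg>.*?)\s*(?P<msgid>\d+)\s+\d+\s+Open PCAP\s+"
    r"(?P<src>\S+)\s+(?P<sport>\d+)\s+(?P<dst>\S+)\s+(?P<dport>\d+)\s+"
    r"(?P<ifaces>.*?)\s*(?P<proto>\w+)$"
)

def parse(text):
    """Yield one dict per row; empty columns collapse, so match by shape, not position."""
    for line in text.splitlines():
        m = ROW.search(line.strip())  # search() skips extra leading columns (timestamp etc.)
        if m:
            row = m.groupdict()
            ifs = row.pop("ifaces").split()
            row["in_if"], row["out_if"] = (ifs + ["", ""])[:2]
            yield row

def triage(text):
    """Group rows by flow (5-tuple) and flag the patterns worth chasing."""
    flows = defaultdict(list)
    for r in parse(text):
        flows[(r["src"], r["sport"], r["dst"], r["dport"], r["proto"])].append(r)
    out = {"allowed_then_invalid": [], "never_tracked": [], "same_interface": []}
    for key, rows in flows.items():
        allowed = [r for r in rows if r["status"] == "Allow"]
        denied = [r["msg"] for r in rows if r["status"] == "Deny"]
        if allowed and denied:
            out["allowed_then_invalid"].append((key, sorted(set(denied))))
        elif denied:
            out["never_tracked"].append(key)
        if any(r["in_if"] and r["in_if"] == r["out_if"] for r in allowed):
            out["same_interface"].append(key)
    return out

if __name__ == "__main__":
    for name, hits in triage(SAMPLE).items():
        print(name, hits)
```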
