This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ALLOW A FIREWALL CONNECTED BY LAN TO SOPHOS XG

NETWORK DIAGRAM

I would like to ask how to set up this network. I need to allow the server to access the internet located behind a firewall.
Appreciate your efforts. Thanks

This thread was automatically locked due to age.

Parents

0 rfcat_vk over 4 years ago

Hi,

are you asking about incoming traffic to the server or just putting?

The XG would be on an untagged port of the VLAN 13 of the switch. What IP address does the server present to the XG? The firewall rule would be similar to this

source LAN, network the network associated with VLAN 13, destination WAN, network ANY, services (HTTPS, DNS etc)m allow, log. To refine the rule you could create a clientless user for the server and us that name in the allow access in the firewall rule.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 rfcat_vk over 4 years ago

Hi,

are you asking about incoming traffic to the server or just putting?

The XG would be on an untagged port of the VLAN 13 of the switch. What IP address does the server present to the XG? The firewall rule would be similar to this

source LAN, network the network associated with VLAN 13, destination WAN, network ANY, services (HTTPS, DNS etc)m allow, log. To refine the rule you could create a clientless user for the server and us that name in the allow access in the firewall rule.

Ian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 hpdc-itdept over 4 years ago in reply to rfcat_vk

The server should have access to the internet as it belongs to our vendor and it needs to connect with their server. i did not check what the ip for the

server present to Xg
Cancel
Vote Up 0 Vote Down

Cancel
0 hpdc-itdept over 4 years ago in reply to rfcat_vk

Also I would like to add firewall has been setup to NAT and also the 172.16.1.0 network is dhcp. from the server it can ping to vlan 13 with ip 10.10.13.1 but not the sophos xg.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to hpdc-itdept

What is the address of the XG port? Have you allowed ping through the sonicwall? Is the XG connected to an untagged port on the switch, assuming the vlan is controlled by the sonicwall?

ian
Cancel
Vote Up 0 Vote Down

Cancel
0 hpdc-itdept over 4 years ago in reply to rfcat_vk

our switch is the one controlling the vlan as it is multilayer switch. the address of the xg port is 192.171.101.49
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to hpdc-itdept

Does the switch know the XG is your gateway?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 hpdc-itdept over 4 years ago in reply to rfcat_vk

Yes. all other vlans can access the network except that network setup for the above diagram.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to hpdc-itdept

Can you ping the XG interface from the switch? What is the ip range of VLAN 13?

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 hpdc-itdept over 4 years ago in reply to rfcat_vk

10.10.13.0/25. yes i can ping the xg from vlan 13. my question is how to make the 172.16.1.0/24 network to have internet access.
Cancel
Vote Up 0 Vote Down

Cancel
0 rfcat_vk over 4 years ago in reply to hpdc-itdept

The issue is the XG port is not in the VLAN 13 IP address range.

Ian
Cancel
Vote Up 0 Vote Down

Cancel
0 hpdc-itdept over 4 years ago in reply to rfcat_vk

i would like to add server 172.16.1.0/24 behind the sonicwall can ping the gateway of vlan 13 10.10.13.1 but cannot ping sophos xg port.
Cancel
Vote Up 0 Vote Down

Cancel