Use unused ports / other segments

Hello,

How can I set up the XG so that I can still use my free LAN ports, e.g. to set up various clients on different networks?

What I have done:

Device port
Port 3 = 192.168.10.1/28 / Gateway = 192.168.10.1 / DNS 192.168.10.1
Port 4 = 192.168.20.1/28 / Gateway = 192.168.20.1 / DNS 192.168.20.1

DHCP
created for both LAN ports 3 and 4.

Zone
Port3 and Port4 each assigned in their own new zone

Now for the first test I have created firewall rules for one of the two PORTS.

Unfortunately, e.g., I cannot leave the existing network 172.16.0.1/16 and cannot reach the gateway of PORT3. The zone can perform PING and DNS resolution as a service.



This thread was automatically locked due to age.
  • FormerMember
    0 FormerMember

    Hi ,

    Thank you for reaching out to Sophos Community.

    Request to post a snapshot of interface configuration here.

    Also, please take the below observation, which would help to narrow down the reported issue.

    ==> Go to Diagnostics > Packet capture

    ==> Enter BPF string: host 192.168.10.x and proto ICMP

    eg: host 192.168.10.5 and proto ICMP

    ==> Start the capture and initiate a ping from the end machine with the below command.

    > ping -n 2 192.168.10.5

  • Hi,

    OK, I found my mistake.

    I have declared Port4 as a separate zone for my NAS.

    Furthermore, I made the mistake of thinking that because my laptop does not know this new network segment, I have to assign an IP from this new segment of PORT4 to my network card.

    So he was never able to reach the gateway for the new network segment of PORT4.

    I don't have to assign a second IP to my laptop because I know the other network via the existing gateway network (Sophos). If the rule is set up correctly then I should come into my NAS network accordingly.

    That works so far.

    Now I can limit my services accordingly and also choose the clients that should only have access to the NAS network.

    Did I really give that again. ??

    greeting
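
Added example, not part of the thread: a small Python model of the forwarding decision described in the last post, showing why a laptop on the existing network reaches the Port4 segment through its gateway and which zone-to-zone firewall rule that traffic needs. The laptop and NAS addresses, the zone label "LAN (existing)", and the assumption that 172.16.0.1 is the XG's own address on the existing network are constructed for illustration.

```python
import ipaddress

# Port3/Port4 addresses are from the thread. "LAN (existing)" is an assumed
# label, and 172.16.0.1 being the XG's own LAN address is an assumption.
XG_INTERFACES = {
    "LAN (existing)": ipaddress.ip_interface("172.16.0.1/16"),
    "Port3": ipaddress.ip_interface("192.168.10.1/28"),
    "Port4": ipaddress.ip_interface("192.168.20.1/28"),
}

def xg_port_for(address):
    """Return the XG port whose connected subnet contains address, or None."""
    ip = ipaddress.ip_address(address)
    for port, iface in XG_INTERFACES.items():
        if ip in iface.network:
            return port
    return None

def next_hop(client_addresses, default_gateway, destination):
    """Model the client's choice: deliver on-link or hand to the gateway.

    client_addresses: CIDR addresses configured on the client's one NIC.
    """
    dst = ipaddress.ip_address(destination)
    for cidr in client_addresses:
        iface = ipaddress.ip_interface(cidr)
        if dst in iface.network:
            # The client ARPs on its own wire; the XG never routes this.
            return ("on-link", str(iface.ip))
    return ("gateway", default_gateway)

def required_rule(client_addresses, default_gateway, destination):
    """Describe the path and the source/destination zones a rule must cover."""
    how, via = next_hop(client_addresses, default_gateway, destination)
    if how == "on-link":
        return f"on-link from {via}: ARP stays on the client's segment, no XG rule applies"
    src = xg_port_for(str(ipaddress.ip_interface(client_addresses[0]).ip))
    return f"routed via {via}: rule needed from {src} to {xg_port_for(destination)}"

if __name__ == "__main__":
    nas = "192.168.20.5"            # constructed NAS address behind Port4
    laptop = ["172.16.0.50/16"]     # constructed laptop address
    print(required_rule(laptop, "172.16.0.1", nas))
    # Same laptop with a second IP from the Port4 range on the same NIC:
    print(required_rule(laptop + ["192.168.20.6/28"], "172.16.0.1", nas))
```

With the extra 192.168.20.x address the laptop treats the NAS as a neighbour on its own cable, so the packets never arrive at the XG for routing; with only its original address the traffic goes to the gateway and is subject to the zone-to-zone rule.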
