
Use unused ports / other segments

Hello,

How can I set up the XG so that I can still use my free LAN ports, e.g. to set up various clients on different networks?

What I have done:

Device ports
Port 3 = 192.168.10.1/28 / Gateway = 192.168.10.1 / DNS 192.168.10.1
Port 4 = 192.168.20.1/28 / Gateway = 192.168.20.1 / DNS 192.168.20.1

DHCP
created for both LAN ports 3 and 4.

Zone
Port3 and Port4 are each assigned to their own new zone.

Now, for the first test, I have created firewall rules for one of the two ports.

Unfortunately, e.g., I cannot leave the existing network 172.16.0.1/16 and cannot reach the gateway of PORT3. The zone can perform PING and DNS resolution as a service.

  • FormerMember, in reply to NoName NoName2:

    Please use BPF string: host 192.168.20.3 and proto ICMP

    Ensure that you have different machines located in desired networks.

    As Port1, Port3 & Port4 are all part of the LAN zone, one LAN-to-LAN firewall rule will be required to communicate between them.

  • OK, thanks, that works fine. I had forgotten the word "AND" in my string.

  • Hi,

    OK, I found my mistake.

    I have declared Port4 as a separate zone for my NAS.

    Furthermore, I made the mistake of thinking that, because my laptop does not know this new network segment, I had to assign an IP from this new segment of PORT4 to my network card.

    So it was never able to reach the gateway for the new network segment of PORT4.

    I don't have to assign a second IP to my laptop, because I know the other network via the existing gateway network (Sophos). If the rule is set up correctly, then I should be able to get into my NAS network accordingly.

    That works so far.

    Now I can limit my services accordingly and also choose the clients that should only have access to the NAS network.

    Have I summarised that correctly??

    Greetings

  • A Network Range object or a Zone is the same thing, so it is actually redundant and not needed. Simply use the Zone and it will do the job for you to keep up with the segment.
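As an added illustration (not code from the thread or from Sophos), here is a small Python model of the layout in the original post: the existing 172.16.0.0/16 LAN on Port1 plus the two /28 segments on Port3 and Port4, each in its own zone, with an assumed zone-to-zone rule table. It shows why the laptop on the existing LAN needs no second IP (a second address from the Port4 segment makes it ARP on the wrong wire), and which flows need an inter-zone rule. The zone names, the rule contents and the host addresses are assumptions.

```python
import ipaddress

# Interface layout from the post: (subnet, zone). Zone names for Port3/Port4 are assumed.
INTERFACES = {
    "Port1": (ipaddress.ip_network("172.16.0.0/16"), "LAN"),
    "Port3": (ipaddress.ip_network("192.168.10.0/28"), "ZONE_PORT3"),
    "Port4": (ipaddress.ip_network("192.168.20.0/28"), "ZONE_PORT4"),
}

# Assumed firewall rules: (source zone, destination zone, allowed services).
# The post mentions PING and DNS being allowed into the NAS segment on Port4.
RULES = [
    ("LAN", "ZONE_PORT4", {"PING", "DNS"}),
]


def zone_of(ip):
    """Return (port, zone) that owns ip, or (None, None) if no interface matches."""
    addr = ipaddress.ip_address(ip)
    for port, (net, zone) in INTERFACES.items():
        if addr in net:
            return port, zone
    return None, None


def host_path(host_iface, attached_port, dst_ip):
    """How a host with address/prefix host_iface, physically on attached_port, sends to dst_ip."""
    iface = ipaddress.ip_interface(host_iface)
    dst = ipaddress.ip_address(dst_ip)
    if dst in iface.network:
        # Host ARPs directly; that only works if dst really lives on the same wire.
        dst_port, _ = zone_of(dst_ip)
        return "direct" if dst_port == attached_port else "unreachable-wrong-wire"
    return "via-gateway"  # sent to the XG, which then applies the zone rules


def check_flow(src_ip, dst_ip, service):
    """Verdict for a flow the XG would see between two segments."""
    src_port, src_zone = zone_of(src_ip)
    dst_port, dst_zone = zone_of(dst_ip)
    if src_zone is None or dst_zone is None:
        return "unknown-segment"
    if src_port == dst_port:
        return "same-segment"  # switched locally, no firewall rule involved
    for s, d, services in RULES:
        if s == src_zone and d == dst_zone and service in services:
            return "allowed"
    return "blocked-needs-zone-rule"
```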