XG Home transparent bridge using wrong port?

Hi All,

I am attempting something similar to this:

https://support.sophos.com/support/s/article/KB-000035920?language=en_US

I am using XG Home (18.0.5 build 586) on a VM with 4 port NIC. I would like to use: Port1=LAN; Port2=DMZ; Port3=WAN

I initially set up ports 1 and 3 (LAN/WAN respectively) to test I have the initial install set up. I created broad firewall rules allow LAN to ANY and NAT of LAN to any also (Source MASQ), this worked as expected, any client connection to LAN will go out the WAN (which connects to my actual hardware XG firewall/gateway) and access internet traffic ok etc.

My end goal is to use a small number of static public IP addresses I have within the DMZ for a number of servers, and to leverage the firewall features for security. As in the link above my LAN port is 172.16.16.16 (default out the box install) and 172.16.16.0/24 subnet. My WAN port is 1.1.1.2. Again, with just the LAN and WAN configured like this, everything works as expected.

So following the document, I create the bridge specifying Port2 as DMZ and Port3 as WAN, with the IP 1.1.1.2 and gateway of 1.1.1.29. Ensure my rule and NAT still apply and... nothing (no internet access from LAN).

Took me about 30 mins to figure out that it was actually pushing data out of Port2 (DMZ) - spotted looking at the Gateway page under Routing and saw the gateway was down / not connected, despite the Port3 cable connecting to my hardware XG firewall (aka, nothing changed).

So, if I connect my 1.1.1.29 gateway (hardware XG) to Port2 (DMZ) instead of Port3 (WAN), the basic routing works and the DMZ is treated as WAN? I haven't tried any WAN<>DMZ stuff yet as this current setup is not what I want! I also tried deleting the bridge and re-creating with the ports in a different order (Port3 WAN first then Port2 DMZ), same issue.

Anybody know what might be going on? I cannot find any additional settings relating to specific ports of the bridge, but Port2 should def. be DMZ and Port3 def. WAN in the bridge.

Additionally under Zones it is showing WAN has member Port3 and DMZ has member Port2 also, confirming what I would expect.

Appreciate any help in advance! I don't want to just say "ok, let's assume they are swapped" without knowing why; it would give me sleepless nights :-)

Many thanks.

  • Ok, ignore. I think XG Firewall chooses the port order itself (LAN/WAN/DMZ in this case) and it must have been my assumptions (wrong) that got me to this point. May have only appeared to work as I thought, due to having multiple cables plugged into the NIC at the same time, even though not required. My confusion.
