Understanding on how to route between devices on separate Interfaces

Hi.

Many thanks for reading this, I am hoping someone may be able to throw some light on what I am trying to achieve. I am new to the Sophos XG platform but I assume what I am trying to do is possible.

Here is my scenario.

Two companies in the same building - Both on independent networks with a DC for each. Internet was provided by two internet circuits but this has since been combined into a single leased line connected to the XG210. I have set this up as below which provides each network with internet but, I now want to create an AD trust between the two domain controllers to allow each other to see data shares.

Device - Sophos XG 210 (v18)

Interface 2 - WAN (BT Leased Line)

Interface 3 VLAN 10 192.168.10.253 /24 (Zone Company_1)

Interface 3 VLAN 20 192.168.11.253 /24 (Zone Company_2)

VLANS are connected to the Trunk Port on a Ubiquiti switch and it all works as expected.

I thought I would be required to use Static Routes to link the two together but I cannot seem to get this working. It may be my lack of knowledge and possibly setting it up wrong.

Has anyone got any advice?

Many thanks for your help.

Daniel Hargrove



  • If the XG is the Default gateway for the networks in question there is no need to add Static route. The XG knows the networks since they are directly connected to the XG.

    You need firewall rules to allow the traffic between the networks.

    Rule 1

    Source - Zone 1 Networks - any or 192.168.10.0/24

    Dest - Zone 2 Networks - any or 192.168.11.0/24

    Protocol - any

    Rule 2

    Source - Zone 2 Networks - any or 192.168.11.0/24

    Dest - Zone 1 Networks - any or 192.168.10.0/24

    Protocol - any

    That should do it. Now since it is an AD trust you need to set up the DNS on the DC to find each other.

    For a start you could try to use RDP or Ping to see if the traffic works as expected. But you need to look into the Windows Firewall as well so the correct ports are open.

    //Rickard
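
The checks suggested in the reply above (traffic across the two VLANs, open ports on the DC, DNS between the domains), written out as a PowerShell example added here; it is not part of the original posts. The DC address `192.168.11.10` and the domain name `company2.example` are hypothetical placeholders, and the port list is the commonly documented TCP set for AD trusts, not something stated in the thread.

```powershell
# Added example: run on the Company_1 DC to test the path to the Company_2 DC.
# ASSUMPTIONS (placeholders, not from the thread): the DC address and domain name.
$RemoteDc     = '192.168.11.10'     # hypothetical Company_2 DC in VLAN 20
$RemoteDomain = 'company2.example'  # hypothetical AD DNS name of Company_2

# TCP services commonly required for a trust. UDP 53/88/389 and the dynamic
# RPC range (49152-65535 by default) are not covered by this TCP check.
$Services = @(
    @{ Port = 53;   Name = 'DNS' }
    @{ Port = 88;   Name = 'Kerberos' }
    @{ Port = 135;  Name = 'RPC endpoint mapper' }
    @{ Port = 389;  Name = 'LDAP' }
    @{ Port = 445;  Name = 'SMB' }
    @{ Port = 464;  Name = 'Kerberos password change' }
    @{ Port = 636;  Name = 'LDAPS' }
    @{ Port = 3268; Name = 'Global Catalog' }
)

# Step 1: ICMP, the quick test the reply suggests.
$ping = Test-NetConnection -ComputerName $RemoteDc -WarningAction SilentlyContinue
"Ping to {0}: {1}" -f $RemoteDc, $ping.PingSucceeded

# Step 2: one TCP connect per service. Open = False means the packet was dropped
# somewhere on the path: the XG rule or Windows Firewall on the remote DC.
$results = foreach ($svc in $Services) {
    $probe = Test-NetConnection -ComputerName $RemoteDc -Port $svc.Port -WarningAction SilentlyContinue
    [pscustomobject]@{ Service = $svc.Name; Port = $svc.Port; Open = $probe.TcpTestSucceeded }
}
$results | Format-Table -AutoSize

# Step 3: DNS. Look up the other domain's DC locator record, first by asking
# the remote DC directly, then through this DC's own resolver.
$srvName = "_ldap._tcp.dc._msdcs.$RemoteDomain"
$lookups = @(
    @{ Label = 'via remote DC';      Extra = @{ Server = $RemoteDc } }
    @{ Label = 'via local resolver'; Extra = @{} }
)
foreach ($lookup in $lookups) {
    $extra = $lookup.Extra
    try {
        Resolve-DnsName -Name $srvName -Type SRV -ErrorAction Stop @extra |
            Where-Object { $_.NameTarget } |
            ForEach-Object { "{0}: {1} port {2}" -f $lookup.Label, $_.NameTarget, $_.Port }
    } catch {
        "{0}: lookup failed ({1})" -f $lookup.Label, $_.Exception.Message
    }
}
```

If the lookup works against the remote DC but fails through the local resolver, the local DNS server has no forwarding path to the other domain yet. The same port list can serve as the service list if the two XG rules are later narrowed from "any".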
