This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LAN-to-LAN traffic not working

Greg McKiernan over 3 years ago

Hello all,

I have two networks in our LAN zone:

10.0.180.0/24
10.2.180.0/24

Here is the interface config:

We have a LAN-to-LAN rule that I would assume should allow traffic between hosts on either network:

From either network, I am able to ping the interface IP of both networks (10.0.180.1/10.2.180.1), from both source networks, however, I can't ping any clients on the network.

What am I missing??

EDIT: I have also diagnosed via packet capture that it looks to be a firewall policy violation, but I can't seem to figure out how to resolve:

This thread was automatically locked due to age.

Top Replies

emmosophos over 3 years ago in reply to Greg McKiernan +1

Hello Greg, May know the Case ID? What happens if you change the Wireless to be on the WiFi zone are you able to Ping? Is the Access Point/SSID bridge to the LAN? Regards,

Parents

0 Wayne Folta over 3 years ago

It looks like your LAN bridge (10.0.180.0) isn't in the LAN zone.
Cancel
Vote Up 0 Vote Down

Cancel
0 Greg McKiernan over 3 years ago in reply to Wayne Folta

Hey Wayne,
Here is the expanded interface group screenshot. Each port of the bridge is in the LAN zone:
Cancel
Vote Up 0 Vote Down

Cancel
0 Wayne Folta over 3 years ago in reply to Greg McKiernan

OK, that's good. I thought you could put the bridge into a zone, but now that I look on my system, it works as you've done and you enter each one individually as you add it to the bridge.

The next question would be what's the rule in the #1 slot of the firewall rules. Could it be dropping things before they get to #2.
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 Wayne Folta over 3 years ago in reply to Greg McKiernan

OK, that's good. I thought you could put the bridge into a zone, but now that I look on my system, it works as you've done and you enter each one individually as you add it to the bridge.

The next question would be what's the rule in the #1 slot of the firewall rules. Could it be dropping things before they get to #2.
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Greg McKiernan over 3 years ago in reply to Wayne Folta

Rule #1 is disabled - I had another rule for testing, but this should be the effective policy rule
Cancel
Vote Up 0 Vote Down

Cancel
0 Wayne Folta over 3 years ago in reply to Greg McKiernan

Hmmm... have you tried connections other than ping? I'm grasping at straws but Intrusion Prevention can stop ICMPs.

Or any other settings on the bottom of the firewall rule, like exceptions or something?
Cancel
Vote Up 0 Vote Down

Cancel
0 Greg McKiernan over 3 years ago in reply to Wayne Folta

There are serial-to-network devices on the 10.2.180.0 network that communicate with a Windows server on the 10.0.180.0 network, and this communication is not occurring, unfortunately. We previously had a FortiGate firewall in place and we have replicated the configurations to near exact specifications, so I am at a loss.. I was on a support call with a Sophos Engineer for nearly 2 hours and we were unable to find a resolution.. I'm getting desparate!
Cancel
Vote Up 0 Vote Down

Cancel
0 emmosophos over 3 years ago in reply to Greg McKiernan

Hello Greg,

May know the Case ID?

What happens if you change the Wireless to be on the WiFi zone are you able to Ping?

Is the Access Point/SSID bridge to the LAN?

Regards,

Emmanuel (EmmoSophos)

Technical Team Lead, Global Community Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up +1 Vote Down

Cancel

LAN-to-LAN traffic not working

Top Replies

Submitted a Tech Support Case lately from the Support Portal?