Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 9 replies
  • Subscribers 30 subscribers
  • Views 2770 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

LAN-to-LAN traffic not working

Greg McKiernan

Hello all,

I have two networks in our LAN zone:

  1. 10.0.180.0/24
  2. 10.2.180.0/24

Here is the interface config:

We have a LAN-to-LAN rule that I would assume should allow traffic between hosts on either network:

From either network, I am able to ping the interface IP of both networks (10.0.180.1/10.2.180.1), from both source networks, however, I can't ping any clients on the network.

What am I missing??

EDIT:  I have also diagnosed via packet capture that it looks to be a firewall policy violation, but I can't seem to figure out how to resolve:



This thread was automatically locked due to age.
Parents
  • 0

    Hi there.

    Given the second network is on a wireless, and a different subnet to the wired network, then I would recommend reconfiguring the Wireless into the WIFI zone, and then creating firewall rules to allow traffic from the LAN zone and IP range to the WAN Zone and IP Range, and a secondary rule for the reverse.

    I have seen some oddities in having the WIFI network bridged to the LAN on the Sophos models with internal WIFI. Personally have moved away from using the Bridge to LAN setting and have the Wifi in the WIFI zone and on a separate range and firewall it back.

    Also check that the Wifi Config does not have client isolation enabled.

    Regards

    Gavin

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
Reply
  • 0

    Hi there.

    Given the second network is on a wireless, and a different subnet to the wired network, then I would recommend reconfiguring the Wireless into the WIFI zone, and then creating firewall rules to allow traffic from the LAN zone and IP range to the WAN Zone and IP Range, and a secondary rule for the reverse.

    I have seen some oddities in having the WIFI network bridged to the LAN on the Sophos models with internal WIFI. Personally have moved away from using the Bridge to LAN setting and have the Wifi in the WIFI zone and on a separate range and firewall it back.

    Also check that the Wifi Config does not have client isolation enabled.

    Regards

    Gavin

    Regards,

    Gavin Daniels. DipIT(Networking)

     

     
Children
  • 0 in reply to GavinDaniels

    Just to be sure: You cannot have two interfaces in the same subnet, unless its a bridge.

    So if you have a separate zone configured, you need to choose a different IP subnet. Or you move to Bridge to AP LAN. 

    __________________________________________________________________________________________________________________

Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?