Invalid Traffic between LAN devices

Invalid Traffic is most likely not an issue. https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs/LogViewer/InvalidTrafficEvents/index.html

Most likely a application issue. And the firewall logs the closure of the application. 

I'm still suffering with this problem of not being able to reach the NAS from one specific machine and I'm convinced that this is a problem with the XG125. Additionally, I just recently discovered that I have another machine that cannot reach the NAS. I have a Canon MFP that I used to be able to scan documents and have them saved to a destination directory on the NAS. With the XG125 in place, that functionality does not work. As a test, I reinstalled my old router that I replaced with this XG125, a Cisco RV325. When the Cisco is used instead of the XG125, all the machines can connect to the NAS with no problem. As soon as I plug the XG125 back in, the Windows machine and the MFP can no longer connect. WTF!!!

As you can see in the previous image, the Drop rules were not created by me. They're the Example rules created by the router when it is out of the box. The Email rule was automatically created by the router as well. The description of the rule says, "This rule was added automatically by SFOS MTA. However you could edit this policy based on network requirement." As for the IP configuration of the devices that can't connect, they're both configured as DHCP with the router performing as the DHCP server. The MFP is assigned a static reservation while the workstations are not. All the devices on the network are configured this way. The NAS also receives a static reservation from DHCP.  Here's the new rule list.

Please review the connection details of the failing PC in detail, compare the IP setup in the advanced tab. I understand about the default settings, they are bit of an open setup, but the aim is to get you connected while you refine your connection rules.

Ian

I don't know what you're trying to get me to find but I compared three workstations, two Win11, one Win10, and the network properties all look the same across all the tabs, with the exception of the NIC properties, of course.

What I am asking about is the WINS settings - Advanced TCP/IP NETBIOS settings - default.

Ian

Ok, settings on the WINS tab are identical on all three machines

In that case you need to start capturing the traffic so you can review where it is failing.

How is your network connected to the XG?

Ian

The firewall should not be involved in this scenario. It is a LAN to LAN Segment (Broadcast to the same domain). 

Can you show us your LAN interfaces? 

Well, i don't know how much it'll help. As I mentioned originally, the ports are all bridged, but here it is.  

How many devices connect directly to the XG and how many switches are you using?

Ian

i won't be able to do any traffic captures until the weekend, but the network layout is very simple. The NAS is connected to port 8 of the XG125, The WAP is connected to port 5, all other wired devices are connected to an HP J956a 16port switch, which is connected to port 1 on the XG125. My intention for putting the NAS on a specific port was eventually I wanted to perform some creative routing for the NAS but I have to be able to access the NAS from all the devices on the LAN before I can ever consider creative stuff with it.

i won't be able to do any traffic captures until the weekend, but the network layout is very simple. The NAS is connected to port 8 of the XG125, The WAP is connected to port 5, all other wired devices are connected to an HP J956a 16port switch, which is connected to port 1 on the XG125. My intention for putting the NAS on a specific port was eventually I wanted to perform some creative routing for the NAS but I have to be able to access the NAS from all the devices on the LAN before I can ever consider creative stuff with it.