Passthrough UDP 1701

Hi,

I would like to pass through 1701 UDP LAN to WAN.  It seems blocked although it is not in the log or live capture. 
Maybe related to internal VPN services?

How can I fix it?

Cheers 



  • Add a rule that allows the port through the firewall.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • I tried this as my topmost rule. But still no luck.

    I tried also only my 1702 UDP services under services. Does not help.

  • Hi,

    that rule is a good test rule but it is a security risk for production.

    Why do you want to pass that port through to the internet? A normal firewall rule: source LAN, LAN network, destination WAN, any service, port 1701 (definition UDP 1:65536 to 1701). Assumption: you are using the default NAT rule; otherwise, if you are using linked rules, access will fail. If you only have one internet connection then a standard default NAT is all you need.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Sure it is only a testing rule. 
    I want to make it work. Could it be that it is an issue in the current v18?


    To clarify: I want a workstation in my LAN to be able to connect to an internet L2TP server:

    Should not the **Default SNAT IPv4** handle this situation?! I really do not understand why my connection is dropped and not even in the logs/capture.

  • I wonder if changing your rule from Source Zone 'Any' to 'LAN' and Destination Zone from 'Any' to 'WAN' would work.

  • I tried it but did not change anything.

    I do not think it is an FW issue because otherwise it would be in the logs.

    I believe my NAT rules or the internal VPN server are blocking that port.

    Here is my nat rule (the usage counter is zero so must not be used at all):


    My service:

  • I don't know what's going on then. A separate NAT rule is not required, your firewall rule just uses the default NAT rule.

  • Hi,

    please take a step back and look at the setup on your PC.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • PC is connecting fine if I remove Sophos and replace it with my old router or connect to my home wifi.
    My PC logs look as follows:


    Mon Feb 28 12:17:50 2022 : l2tp_get_router_address
    Mon Feb 28 12:17:50 2022 : l2tp_get_router_address 192.168.178.1 from dict 1
    Mon Feb 28 12:17:50 2022 : L2TP connecting to server <public-L2TP-IP>' ...
    Mon Feb 28 12:17:50 2022 : IPSec connection started
    Mon Feb 28 12:17:50 2022 : IPSec phase 1 client started
    Mon Feb 28 12:18:00 2022 : IPSec connection failed
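    As an added illustration (not from any participant in this thread), the client log above records the failure during IPsec phase 1, which is before the L2TP tunnel on UDP 1701 is attempted, since L2TP/IPsec carries L2TP inside the IPsec SA. The Python below, written for this thread, parses such log lines, names the stage that was in progress when the failure was logged, and lists what that stage needs that a rule permitting only UDP 1701 does not cover; the sample log and the rule contents are constructed from the posts.

```python
import re

# Constructed sample: the macOS L2TP/IPsec client log quoted in the post above
SAMPLE_LOG = """\
Mon Feb 28 12:17:50 2022 : l2tp_get_router_address
Mon Feb 28 12:17:50 2022 : L2TP connecting to server <public-L2TP-IP>' ...
Mon Feb 28 12:17:50 2022 : IPSec connection started
Mon Feb 28 12:17:50 2022 : IPSec phase 1 client started
Mon Feb 28 12:18:00 2022 : IPSec connection failed
"""

# Constructed input: what the firewall rule discussed in the thread permits (UDP 1701 only).
RULE_ALLOWS = {"UDP/1701"}

# Stages of an L2TP/IPsec client connection in order, with the outbound
# client->server traffic each stage needs the LAN->WAN rule to permit.
STAGES = [
    ("IPSec phase 1", ["UDP/500", "UDP/4500"]),  # IKE; floats to 4500 once NAT is detected
    ("IPSec phase 2", ["UDP/4500", "ESP"]),      # ESP-in-UDP behind NAT, plain ESP otherwise
    ("L2TP",          ["UDP/1701"]),             # carried inside the IPsec SA, not seen bare
]

LINE_RE = re.compile(r"^(?P<ts>\w{3} \w{3} +\d+ [\d:]+ \d{4}) : (?P<msg>.*)$")

def parse_log(text):
    """Return (timestamp, message) pairs; lines without the log prefix are skipped."""
    return [(m["ts"], m["msg"]) for m in map(LINE_RE.match, text.splitlines()) if m]

def failed_stage(text):
    """Name the last stage that had started when 'connection failed' was logged, else None."""
    started = None
    for _, msg in parse_log(text):
        for name, _ in STAGES:
            if msg.startswith(name) and msg.endswith("started"):
                started = name
        if msg.endswith("connection failed"):
            return started
    return None

def missing_rules(text, allowed):
    """Ports/protocols the failed stage requires that the firewall rule does not allow."""
    stage = failed_stage(text)
    if stage is None:
        return []
    needed = dict(STAGES)[stage]
    return [p for p in needed if p not in allowed]
```

    For the sample log the failed stage is IPsec phase 1 and the UDP 1701 rule leaves UDP/500 and UDP/4500 uncovered, which is what the firewall log would show nothing about if those flows were never attempted past the client.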

  • So, in summary you are saying there is an issue with your XG configuration? What other tests have you tried, e.g. can you websurf, does your PC get an address, gateway and DNS from the XG?

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
