
Server on Different Interface not Reachable from LAN

I have a server on interface A with its own zone and a static IPv4. It is not reachable from the LAN zone on interface B, even though I have a firewall rule with logging on top of any other rule that says allow from LAN, Any host to Server_Zone, Any host, Any service (only for testing purposes). The policy test just says it blocked, because it has no matched rule. There is nothing in the Log viewer. The status of interface A says connected with the correct link speed.

What am I missing to enable inter-interface connections?

Thank you very much in advance!



  • Can you show us a screenshot of your interface definition, please?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • For clarity reasons, I changed the interface slightly:

    It is connected:

    And also leases IPs over DHCP:

    The firewall rule number 1 should actually allow everything:

    Which now seems to work according to the policy tester. I can also ping 172.16.53.53 through the Sophos web GUI, but not directly from my workstation in the LAN zone. I also cannot connect via SSH.

  • Your interface IP on Port3 seems to be incorrect: are you really using 172.16.53.0?

    This is the complete network, you should use 172.16.53.1 for Port3 for example. And then your server in that Zone could use 172.16.53.53, if you want. The gateway that your DHCP server for that network will deploy is the 172.16.53.1, then.

    After these changes, your setup should begin to fly.

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner


  • Thank you very much for your answer and your time.

    I changed the port3 interface to 172.16.53.1, my server still gets the 172.16.53.53 IP and shows the correct host name under the DHCP lease page, I can still ping through the Sophos Web GUI and the policy tester says it accepts a connection from a LAN IP to the server or from the server to the WAN zone, however from my workstation in the LAN zone I cannot ping the server nor establish an SSH connection.

    Am I free to choose the interface IP or did I make an incompatible choice with 172.16.53.1 for the port3 interface?

  • I changed the interface IP to 172.16.53.1/24 and recreated the DHCP server for this interface - now it works. Thank you very much! It flies now. ;) 
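
The misconfiguration resolved in this thread can be caught before a change goes live. The following is an added example, not part of the original thread and not Sophos code: it checks an interface address and its DHCP scope for the mistake discussed above (the network address used as the interface IP). The DHCP range 172.16.53.50-172.16.53.100 and the function name `check_interface` are constructed for illustration, and the gateway check reflects an assumption about why recreating the DHCP server was needed.

```python
import ipaddress


def check_interface(interface_cidr, dhcp_gateway=None, dhcp_range=None):
    """Return a list of problems with an interface address and its DHCP scope."""
    iface = ipaddress.ip_interface(interface_cidr)
    net = iface.network
    problems = []

    # /31 and /32 networks have no reserved network or broadcast address,
    # so the host-address check only applies to prefixes of /30 or shorter.
    if net.version == 4 and net.prefixlen <= 30:
        if iface.ip == net.network_address:
            problems.append(f"{iface.ip} is the network address of {net}, not a host address")
        elif iface.ip == net.broadcast_address:
            problems.append(f"{iface.ip} is the broadcast address of {net}, not a host address")

    # Clients send off-subnet traffic to the gateway from their lease, so it
    # has to be the firewall's own address on this interface.
    if dhcp_gateway is not None:
        gw = ipaddress.ip_address(dhcp_gateway)
        if gw != iface.ip:
            problems.append(f"DHCP hands out gateway {gw}, but the interface is {iface.ip}")

    # The lease range must sit inside the subnet and must not contain the
    # interface's own address.
    if dhcp_range is not None:
        start, end = (ipaddress.ip_address(a) for a in dhcp_range)
        if start not in net or end not in net:
            problems.append(f"DHCP range {start}-{end} is not inside {net}")
        elif start <= iface.ip <= end:
            problems.append(f"DHCP range {start}-{end} contains the interface address {iface.ip}")

    return problems


if __name__ == "__main__":
    lease_range = ("172.16.53.50", "172.16.53.100")  # constructed sample range
    cases = [
        ("172.16.53.0/24", "172.16.53.0"),  # original Port3 setting from the thread
        ("172.16.53.1/24", "172.16.53.0"),  # interface fixed, DHCP scope left stale (assumed)
        ("172.16.53.1/24", "172.16.53.1"),  # interface fixed and DHCP server recreated
    ]
    for cidr, gw in cases:
        found = check_interface(cidr, gw, lease_range)
        print(cidr, "gateway", gw, "->", found or "OK")
```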
