How to manage asymmetric route with Sophos XG v.18

Hi everyone,

Maybe I'm doing something wrong, but I cannot get all my offices to browse each other over the MPLS connection...

First of all, each office has a connection, managed externally by one ISP, with its own router, and each is part of a big MPLS. At the main office I have two connections: an FTTH line on WAN1 as the primary line, and the MPLS FTTH line configured as backup on the Sophos XG.

My goal is to let each office browse files on the other offices' servers and clients, as well as connect via RDP and so on.

On the XG I've configured a couple of rules to statically redirect traffic. Now if I try to ping, for example, the server IP at branch office A from a main office client, it responds as expected and I can connect to it with an RDP client. But if, from that server (IP 10.0.96.10), I try to open a shared folder on the main office server using "\\10.7.68.10", it doesn't work, and if I try to ping from there it times out.

Any suggestions?!?

What I've done:
- set the static route
- set a firewall rule to let everything pass in and out from the network IP of every office
- set, via the firewall console, rules to bypass the stateful firewall inspection between networks

What's wrong?

Thanks
Fabio



  • Hello Fabio,

    Thank you for contacting the Sophos Community.

    Are you able to see the Ping arriving/traversing the XG when they come from 10.0.96.10? I would start from there.

    If you do see the packet arriving, and leaving the interface where the server is connected, do you see it sending it back to the XG?

    Where does the Ping get lost?

    Also check if the Server Firewall is disabled, as it might be that one of them has the Firewall disabled and allows pings from all subnets, but the other one is rejecting the packets.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • Hi Emmanuel,

    Thanks for your reply and sorry for my late answer (I was absent the last few days).

    I've tried to check in the log monitor of the XG whether there is evidence of the ping started by the remote server (10.0.96.10), but there is nothing there. On the other hand, the servers have the same configuration as before (the only difference is that the XG has been upgraded from v17 to v18 starting with a clean configuration, so no migration).

    I'm lost somewhere...

  • Pardon me!.... Sometimes I should check twice before posting!.... I'd forgotten to reconnect the cable that goes from the MPLS router (10.7.68.1) to the switch, so the connections initiated from the remote offices died on the router! Now each MPLS point can reach each other!
