
Sophos XG: allow internal servers to communicate using WAN IPs

We have some internal servers on which we have configured NAT rules to expose them to internet via dedicated WAN IPs for each server.

We are able to connect to the servers from WAN without any issues. But we are unable to connect from one server to another using WAN IPs.

Current Setup:

  • Port 2 is the WAN port, and Ports 3 & 4 are bridged to form br0.
  • br0 is in the LAN zone.
  • Each server belongs to a different VLAN, so we have created a VLAN interface on br0 for each VLAN.
  • Server-01, WAN IP: 202.202.202.201, LAN-IP: 192.168.21.21, VLAN-21, VLAN Interface Gateway: 192.168.21.11, VLAN interface: br0.21
  • Server-02, WAN IP: 202.202.202.202, LAN-IP: 192.168.22.22, VLAN-22, VLAN Interface Gateway: 192.168.22.11, VLAN interface: br0.22
  • There is a firewall Rule which allows traffic between these VLANs
  • On both servers the OS firewall is turned off.

Upon pinging Server-02's WAN IP from Server-01,

  • I get the response below on Server-01 (from its VLAN's gateway):
    From 192.168.21.11 icmp_seq=453 Destination Host Unreachable
  • I can see the entry below in Log Viewer, which shows that Sophos is allowing the outbound traffic, treating it as internet traffic. But it doesn't reach Server-02.

Any pointers on what I am missing here?

Thanks!
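For readers trying to reason about the setup in this post: the following is an added model of hairpin (loopback) NAT, not code from this thread or from Sophos. It uses the post's addresses (192.168.21.21 behind 202.202.202.201, 192.168.22.22 behind 202.202.202.202, gateways .11 on each VLAN) and a stateful-NAT firewall to show what a LAN host sees when it connects to another LAN host's public IP under three rule sets: a DNAT rule that matches only WAN-originated traffic, the same rule extended to LAN-originated traffic, and that rule with an added source NAT. The rule names, the `Host`/`Firewall` classes and the extra host 192.168.22.33 (used for the same-subnet case) are assumptions for the illustration, not Sophos objects. It also goes beyond the post's two-VLAN case to the same-VLAN case, where the source NAT becomes necessary.

```python
"""Hairpin (loopback) NAT model built around the addresses in the post above.

Added illustration, not code from the thread or from Sophos. The rule names,
the Host/Firewall classes and the host 192.168.22.33 are assumptions.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

SRV1_LAN, SRV1_WAN = "192.168.21.21", "202.202.202.201"   # from the post
SRV2_LAN, SRV2_WAN = "192.168.22.22", "202.202.202.202"   # from the post
GW_VLAN21, GW_VLAN22 = "192.168.21.11", "192.168.22.11"   # from the post
OTHER_VLAN22 = "192.168.22.33"   # assumed: a host on Server-02's own VLAN


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str


@dataclass(frozen=True)
class NatRule:
    name: str
    src_zones: frozenset            # zones the original packet may come from
    orig_dst: str                   # public IP to translate
    dnat_to: str                    # internal IP the service really lives on
    snat_to: Optional[str] = None   # also rewrite the source (loopback/hairpin)


class Host:
    """A server with one interface and its default gateway on the firewall."""

    def __init__(self, ip: str, prefix: int, gateway: str):
        self.ip, self.gateway = ip, gateway
        self.net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)

    def next_hop(self, dst: str) -> str:
        # On-link destinations are delivered directly and never cross the firewall
        if dst != self.gateway and ipaddress.ip_address(dst) in self.net:
            return "direct"
        return "firewall"


class Firewall:
    """Stateful NAT: the first matching rule translates a new flow; replies are reversed."""

    def __init__(self, rules, lan_nets):
        self.rules = list(rules)
        self.lan_nets = [ipaddress.ip_network(n) for n in lan_nets]
        self.conntrack = {}   # (orig_src, orig_dst) -> (translated_src, translated_dst)

    def zone(self, ip: str) -> str:
        return "LAN" if any(ipaddress.ip_address(ip) in n for n in self.lan_nets) else "WAN"

    def forward(self, pkt: Packet) -> Optional[Packet]:
        for (o_src, o_dst), (x_src, x_dst) in self.conntrack.items():
            if pkt.src == x_dst and pkt.dst == x_src:      # reply: undo the translation
                return Packet(src=o_dst, dst=o_src)
        for r in self.rules:
            if self.zone(pkt.src) in r.src_zones and pkt.dst == r.orig_dst:
                xl = Packet(src=r.snat_to or pkt.src, dst=r.dnat_to)
                self.conntrack[(pkt.src, pkt.dst)] = (xl.src, xl.dst)
                return xl
        return None   # nothing matched: the public IP is not a host the firewall can deliver to


def connect_via_public_ip(client: Host, server: Host, public_ip: str, fw: Firewall) -> str:
    """Return what the client ends up seeing when it talks to server's public IP."""
    xl = fw.forward(Packet(client.ip, public_ip))   # a public IP is never on-link, so it hits the firewall
    if xl is None or xl.dst != server.ip:
        return "no reply: no NAT rule matched the LAN-originated packet"
    reply = Packet(server.ip, xl.src)
    if server.next_hop(reply.dst) == "direct":
        # The reply bypasses the firewall, so it is never un-NATed back to the public IP
        return f"asymmetric: reply arrives from {reply.src}, client expected {public_ip}"
    back = fw.forward(reply)
    if back == Packet(public_ip, client.ip):
        return "ok: reply un-NATed by firewall"
    return "reply lost"


def run_scenarios() -> dict:
    lans = ["192.168.21.0/24", "192.168.22.0/24"]
    srv1 = Host(SRV1_LAN, 24, GW_VLAN21)
    srv2 = Host(SRV2_LAN, 24, GW_VLAN22)
    peer = Host(OTHER_VLAN22, 24, GW_VLAN22)
    wan_only = NatRule("srv2-inbound", frozenset({"WAN"}), SRV2_WAN, SRV2_LAN)
    loopback_dnat = NatRule("srv2-loopback", frozenset({"WAN", "LAN"}), SRV2_WAN, SRV2_LAN)
    loopback_full = NatRule("srv2-loopback-snat", frozenset({"WAN", "LAN"}),
                            SRV2_WAN, SRV2_LAN, snat_to=GW_VLAN22)
    return {
        "wan-only rule, other VLAN": connect_via_public_ip(srv1, srv2, SRV2_WAN, Firewall([wan_only], lans)),
        "DNAT loopback, other VLAN": connect_via_public_ip(srv1, srv2, SRV2_WAN, Firewall([loopback_dnat], lans)),
        "DNAT loopback, same VLAN": connect_via_public_ip(peer, srv2, SRV2_WAN, Firewall([loopback_dnat], lans)),
        "DNAT+SNAT loopback, same VLAN": connect_via_public_ip(peer, srv2, SRV2_WAN, Firewall([loopback_full], lans)),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:32} -> {outcome}")
```

Two things the model makes visible. First, a DNAT rule scoped to WAN-sourced traffic cannot translate a packet that arrives from a LAN zone; the loopback rule has to match the LAN source zone as well. Second, the source NAT is only required when the client and the server share a subnet, because then the server's reply would go on-link and skip the firewall; across two VLANs with the firewall as gateway, the reply already returns through the firewall and stateful reversal suffices. The caveat is that a source NAT hides the real client address from Server-02's logs, so scope it to the loopback rule only rather than applying it to all inbound traffic. This is a generic model of how stateful NAT behaves, not a statement about what the XG does in this specific ticket.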



This thread was automatically locked due to age.
  • Hi 

    That doesn't seem to solve the issue. Curiously enough, I tried a traceroute from VM1 to VM2's WAN IP, and it shows VM2's WAN IP in the very first line but seems to get stuck there. The remaining lines don't display any IPs, and it ends inconclusively.

    Does this have anything to do with the fact that the two VMs are on different VLANs, although on the same bridge?

    This is becoming a showstopper... Is there a way to get a Sophos engineer to look into this via a screen-sharing session (without having to explain everything in detail again and go through the same troubleshooting steps)?

  • Hi

    Yes, you can open a Support Case with our team and they can schedule a remote session with you to troubleshoot in real time. 

    Karlos
    Community Support Engineer | Sophos Technical Support
