Can't access Synology server once Sophos XG Firewall is connected to Cisco switch

As I've worked through some (not all) setup issues, one that continues to stump me is the fact that when my NAS is connected to switch along with all other LAN devices and incoming internet from router, life is good. I can access my NAS no problem.

The minute I connect my router to Sophos XG V19 WAN (through bridge interface and one LAN port is connected to an open port on switch), I can connect to other LAN devices with exception being my NAS server. I can't ping the IP address either. Something is blocking access but I'm just not sure what it could be.

I also connected NAS directly to the Sophos XG device and that didn't make a difference. I've tried a couple of firewall rules and that didn't solve the issue. This same phenomenon happened on another firewall device with exception being I could connect NAS directly to the firewall device and access it but when I connected the NAS to my switch (my preferred connection method), I couldn't access or ping it.

So there has to be some setting within the NAS that is being blocked by XG that is unique from a PC, tablet or smart phone. I've scoured the internet and haven't found a solution.

ISP-->Router-->switch-->LAN devices (current state where NAS is accessible)

ISP-->Router-->Sophos XG-->switch-->LAN devices (future state where NAS is not accessible)

Also keep in mind, I'm learning as I go with Sophos XG so I may not completely understand suggested fixes so please bear with me.

Any help is definitely appreciated.



This thread was automatically locked due to age.
  • That's the link I've already tried and continue to get the above error. I asked you how to add this:

    How do you add the 10.5.5.1 and Default RSA? I can't add that in the box.

    Here's a snippet from the packet capture.

  • I have re-read your original post and still believe that something is happening on the switch.

    Everything works fine without the XG.

    When you have the XG attached, can you confirm that everything works as expected except you can no longer access the NAS? Internet access from your workstations is fine?

    When you say you can no longer access the NAS, does that include from the workstations?

    Can you confirm you are using a single subnet for all your LAN equipment and no VLANs?

    Can you confirm you are making a single connection from the switch to the XG?

    Have you had a look at the error logs on the switch?

  • Hi JasP

    Everything works fine without XG---YES

    XG Attached--Can no longer access NAS as well as a ReadyShare drive connected to R8000. Internet access from stations like the one I'm typing on is fine.

    Access NAS/does that include workstations--YES, I can no longer access the NAS from this workstation I'm typing on.

    Single Subnet for all LAN equipment...NO VLANs

    YES, there is only one connection from XG to Switch

    Switch error logs: gi12 is the port where XG connects to switch. This is very strange as I read this. In all honesty, this is the first time I've looked at this RAM log. What exactly does it mean when gi12 is 'Forwarding'? What's even more puzzling is why the port is up and then down. Guess I could try another port but I've already done that before (still no NAS connection) but I didn't look at the logs when I did that.

  • In all honesty, I never thought I would have so many problems like this and am certainly no expert when it comes to configuring a firewall of this complexity. I just appreciate everyone's help on this.

  • Please go to System --> Administration --> Licensing and share the snapshot of the license status.

    Regards

  • I also continue to get this when trying to update my network...it's a miracle I got it to save in the first place.

    Item 1 doesn't make sense when I'm actually connected to the device so I don't know what is going on with this but it concerns me.

    Could this be a registration issue?

  • The whole point of a switch (and the clue is in the name) is that it makes network connections point to point between two communicating devices (this is ignoring broadcast traffic). If you are losing connection between the workstation and the NAS, then something is happening on the switch that causes its connection to the NAS to drop. That's why I think this is a switch issue not an XG configuration issue. Plugging in the XG is clearly causing it but it is affecting something on the switch.

    What is the configuration of the XG and NAS ports on the switch? What port is the NAS on? It's probably also worth trying different ports on the switch (just in case you have a bad port) and changing the network cables.

    Not an expert on Spanning Tree Protocol but I believe that "STP status Forwarding" is a normal status (and probably should be shown as Informational rather than Warning). It basically means that it is passing traffic.

  • Please log in at https://id.sophos.com/ with your registered email ID.

    Once logged in, go to MySophos --> Network Protection --> View Device, filter by your appliance key, and under Action click on Subscribe and share the status.

    Regards

  • This is all I see...The line going around the 'S' just keeps going and going...