Wifi clients unable to ping hard wired clients in bridge

Hi,

I have an XGS107w that I am configuring and I'm having trouble getting clients to communicate from wifi to hard wired clients.

I have Port 1 and the wifi network connected via a bridge interface.

I have two clients connected; one is hard wired with an IP address of 10.1.10.102.

I have another client connected via wifi with an IP of 10.1.10.101.

The hard wired client can ping the wireless client (though the pings are oddly high).

The wireless client cannot ping the wired client at all.

They can both access the internet.

These are the rules I currently have set up: 

Any help would be appreciated.

-Alex



  • Hi Alex

    Please check by creating LAN-to-WiFi and WiFi-to-LAN firewall rules, and enable ping under Device access on the LAN and WiFi zones.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Bharat,

    Do you mean like this?:



    I actually currently have both the Wifi and the Wired network grouped under the "LAN" zone, so I thought only a lan2lan would be needed:

    I've also confirmed that pinging is enabled under devices access.

    Unfortunately it is still not working.

    Thanks,

    Alex

  • Please check with tcpdump over SSH on the Sophos XG, using option 4:

    console> tcpdump 'host 10.1.10.102 and proto ICMP'

    console> tcpdump 'host 10.1.10.101 and proto ICMP'

    Share the output.

    Please go to MONITOR & ANALYZE --> Diagnostics --> Packet Capture, click on Configure, enter the BPF string host 10.1.10.101 and proto ICMP, and share the packet flow with a snapshot.

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • In addition to this post, do the packet capture under Diagnostics / Packet Capture in the GUI. This shows if you may have IP Spoof blocks or something like that.

    IP spoof may match in a bridge configuration when the same IP subnet is on the same VLAN on different interfaces, and in other circumstances. Had this too in the past.

    community.sophos.com/.../red60-vlan-bridged---blocked-because-of-invalid-traffic-ip-spoof

  • I actually currently have both the Wifi and the Wired network grouped under the "LAN" zone, so I thought only a lan2lan would be needed:

    Yes, only a LAN-LAN firewall rule is required; you can delete the LAN-to-WiFi rules.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.
