Sophos Home Firewall

I have 4 LAN interfaces:

172.16.16.16 that I use for admin

192.168.8.1 that I use for my home network

192.168.100.1 that has 1 PC on it

10.1.1.1 that has 1 PC on it

While the gateways can be pinged from any network, I cannot see all of the PCs from other LANs.

I want to be able to access and RDP to PCs on all of the 4 networks.

I have tried using ACL, no success.

What do I need to do?

Thanks,

Peter



This thread was automatically locked due to age.
  • Hi Peter Gilvarry

    Can you verify with packet flow to check whether the firewall rule is there or not? Please go to MONITOR & ANALYZE --> Diagnostics --> Packet Capture, click on Configure, and enter the BPF string: host 10.1.10.101 and proto ICMP

    Make a continuous ping to the PC you are trying to reach, entering that PC's IP instead of 10.1.10.101, and share the screenshot from the GUI.

    From SSH on the Sophos XG, with option 4, check tcpdump for the destination IP:

    console> tcpdump 'host <PC IP> and proto ICMP'

    console> dr 'host <PC IP> and proto ICMP'

    Thanks and Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".


  • Hello there,

    Thank you for contacting the Sophos Community.

    Make sure you also have configured LAN to LAN rules, and disable the Local Firewall of the computers as a test.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • I understood Firewall Rules were for Zone to Zone traffic; all 4 networks are in the LAN Zone.

    What rules do I need to configure?

    The "Firewall" on the PC on 10.1.1.2 is OFF.

    Peter

  • As requested:
    10.1.1.2 the PC is on Port 4
    Continuous was from PC on Port 6 (192.168.8.0)

    Peter


    console> tcpdump 'host 10.1.1.2'
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    09:41:05.229742 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:05.332677 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:05.461747 Port6, IN: IP 192.168.8.97 > 10.1.1.2: ICMP echo request, id 1, seq 21673, length 40
    09:41:05.629071 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 2101114649:2101114851, ack 77232763, win 12648, length 202
    09:41:05.683085 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 202, win 1026, length 0
    09:41:05.776282 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 48
    09:41:05.776826 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 48
    09:41:05.826598 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [P.], seq 1:57, ack 202, win 1026, length 56
    09:41:05.858711 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 202:258, ack 57, win 12648, length 56
    09:41:05.905152 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 258, win 1026, length 0
    09:41:06.229664 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:06.335408 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:06.629503 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 258:460, ack 57, win 12648, length 202
    09:41:06.670475 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 460, win 1025, length 0
    09:41:07.133569 Port4, IN: IP 10.1.1.2.50530 > 192.168.8.190.3289: UDP, length 14
    09:41:07.229560 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:07.340399 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:08.229837 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:08.346671 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:08.633509 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [P.], seq 57:81, ack 460, win 1025, length 24
    09:41:08.706228 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [.], ack 81, win 12648, length 0
    09:41:09.229839 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:09.352766 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:10.229680 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:10.360307 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:10.360472 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 48
    09:41:10.389890 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 48
    09:41:10.415298 Port4, IN: IP 10.1.1.2.50531 > 192.168.8.190.3289: UDP, length 14
    09:41:10.442872 Port6, IN: IP 192.168.8.97 > 10.1.1.2: ICMP echo request, id 1, seq 21674, length 40
    09:41:10.755147 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 460:516, ack 81, win 12648, length 56
    09:41:10.756068 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [P.], seq 81:137, ack 516, win 1025, length 56
    09:41:10.788271 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [.], ack 137, win 12648, length 0
    09:41:10.788301 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 516:718, ack 137, win 12648, length 202
    09:41:10.839198 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 718, win 1024, length 0
    09:41:11.229949 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:11.364979 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:11.780502 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.780589 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.780868 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.780945 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781009 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781118 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781192 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781263 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781332 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781401 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781471 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781562 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781627 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781709 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781799 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781880 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.781952 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.782023 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.782119 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.782199 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 1024
    09:41:11.788657 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 718:920, ack 137, win 12648, length 202
    09:41:11.816651 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 48
    09:41:11.844281 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 920, win 1023, length 0
    09:41:12.102257 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 48
    09:41:12.102810 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 48
    09:41:12.179559 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [P.], seq 137:193, ack 920, win 1023, length 56
    09:41:12.211903 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 920:976, ack 193, win 12648, length 56
    09:41:12.229996 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:12.259357 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 976, win 1023, length 0
    09:41:12.370780 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:12.788702 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.61740: Flags [P.], seq 976:1178, ack 193, win 12648, length 202
    09:41:12.833293 Port4, IN: IP 10.1.1.2.61740 > 162.250.5.77.5938: Flags [.], ack 1178, win 1022, length 0
    09:41:13.229920 Port4, OUT: IP 162.250.5.77.5938 > 10.1.1.2.65207: UDP, length 16
    09:41:13.376657 Port4, IN: IP 10.1.1.2.65207 > 162.250.5.77.5938: UDP, length 16
    09:41:13.423801 Port4, IN: IP 10.1.1.2.50531 > 192.168.8.190.3289: UDP, length 14
    ^C
    71 packets captured
    71 packets received by filter
    0 packets dropped by kernel

    console> dr 'host 10.1.1.2'
    2022-09-17 09:42:37 0101021 IP 10.1.1.2.60145 > 192.168.8.190.161 : proto UDP: packet len: 86 checksum : 60535
    0x0000:  4500 006a 7a38 0000 8011 ebe1 0a01 0102  E..jz8..........
    0x0010:  c0a8 08be eaf1 00a1 0056 ec77 304c 0201  .........V.w0L..
    0x0020:  0004 0670 7562 6c69 63a0 3f02 0254 6602  ...public.?..Tf.
    0x0030:  0100 0201 0030 3330 0f06 0b2b 0601 0201  .....030...+....
    0x0040:  1903 0201 0501 0500 300f 060b 2b06 0102  ........0...+...
    Date=2022-09-17 Time=09:42:37 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port4 out_dev= inzone_id=1 outzone_id=1 source_mac=cc:52:af:3e:4f:01 dest_mac=20:7c:14:a0:fa:7e bridge_name= l3_protocol=IPv4 source_ip=10.1.1.2 dest_ip=192.168.8.190 l4_protocol=UDP source_port=60145 dest_port=161 fw_rule_id=4 policytype=2 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=2 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=3915552509 masterid=0 status=0 state=0, flag0=549892128776 flags1=2120 pbrid[0]=0 pbrid[1]=0 profileid[0]=0 profileid[1]=0

    2022-09-17 09:42:40 0101021 IP  192.168.8.97. > 10.1.1.2. :proto ICMP: echo request seq 21692
    0x0000:  4500 003c c1e3 0000 8001 a4d1 c0a8 0861  E..<...........a
    0x0010:  0a01 0102 0800 f89e 0001 54bc 6162 6364  ..........T.abcd
    0x0020:  6566 6768 696a 6b6c 6d6e 6f70 7172 7374  efghijklmnopqrst
    0x0030:  7576 7761 6263 6465 6667 6869            uvwabcdefghi
    Date=2022-09-17 Time=09:42:40 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port6 out_dev= inzone_id=1 outzone_id=1 source_mac=7c:83:34:b1:d6:15 dest_mac=20:7c:14:a0:fa:80 bridge_name= l3_protocol=IPv4 source_ip=192.168.8.97 dest_ip=10.1.1.2 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=4 policytype=2 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=2 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=902571505 masterid=0 status=0 state=0, flag0=549892128776 flags1=2120 pbrid[0]=0 pbrid[1]=0 profileid[0]=0 profileid[1]=0

    2022-09-17 09:42:41 0101021 IP 10.1.1.2.60145 > 192.168.8.190.161 : proto UDP: packet len: 50 checksum : 29833
    0x0000:  4500 0046 7a39 0000 8011 ec04 0a01 0102  E..Fz9..........
    0x0010:  c0a8 08be eaf1 00a1 0032 7489 3028 0201  .........2t.0(..
    0x0020:  0004 0670 7562 6c69 63a1 1b02 0254 6202  ...public....Tb.
    0x0030:  0100 0201 0030 0f30 0d06 092b 0601 0401  .....0.0...+....
    0x0040:  950b 0102 0500                           ......
    Date=2022-09-17 Time=09:42:41 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port4 out_dev= inzone_id=1 outzone_id=1 source_mac=cc:52:af:3e:4f:01 dest_mac=20:7c:14:a0:fa:7e bridge_name= l3_protocol=IPv4 source_ip=10.1.1.2 dest_ip=192.168.8.190 l4_protocol=UDP source_port=60145 dest_port=161 fw_rule_id=4 policytype=2 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=2 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=1571965979 masterid=0 status=0 state=0, flag0=549892128776 flags1=2120 pbrid[0]=0 pbrid[1]=0 profileid[0]=0 profileid[1]=0

    2022-09-17 09:42:42 0101021 IP 10.1.1.2.60145 > 192.168.8.190.161 : proto UDP: packet len: 50 checksum : 29577
    0x0000:  4500 0046 7a3a 0000 8011 ec03 0a01 0102  E..Fz:..........
    0x0010:  c0a8 08be eaf1 00a1 0032 7389 3028 0201  .........2s.0(..
    0x0020:  0004 0670 7562 6c69 63a1 1b02 0254 6302  ...public....Tc.
    0x0030:  0100 0201 0030 0f30 0d06 092b 0601 0401  .....0.0...+....
    0x0040:  950b 0102 0500                           ......
    Date=2022-09-17 Time=09:42:42 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied log_status=N/A log_priority=Alert duration=N/A in_dev=Port4 out_dev= inzone_id=1 outzone_id=1 source_mac=cc:52:af:3e:4f:01 dest_mac=20:7c:14:a0:fa:7e bridge_name= l3_protocol=IPv4 source_ip=10.1.1.2 dest_ip=192.168.8.190 l4_protocol=UDP source_port=60145 dest_port=161 fw_rule_id=4 policytype=2 live_userid=0 userid=0 user_gp=0 ips_id=0 sslvpn_id=0 web_filter_id=2 hotspot_id=0 hotspotuser_id=0 hb_src=0 hb_dst=0 dnat_done=0 icap_id=0 app_filter_id=0 app_category_id=0 app_id=0 category_id=0 bandwidth_id=0 up_classid=0 dn_classid=0 nat_id=0 cluster_node=0 inmark=0x0 nfqueue=0 gateway_offset=0 connid=3488830047 masterid=0 status=0 state=0, flag0=549892128776 flags1=2120 pbrid[0]=0 pbrid[1]=0 profileid[0]=0 profileid[1]=0
                                               
                                          
  • Hi Peter 

    As per the logs, it seems traffic is passing from rule id 4. Can you confirm under MONITOR & ANALYZE --> Diagnostics --> Packet Capture: click on Configure, enter the BPF string host 192.168.8.190 and proto ICMP, and share the screenshot of the result you got? Can you also post the same rule?

    Also, additional information about your XG appliance hardware or software with the current firmware version is required.

    Regards

    "Sophos Partner: Infrassist Technologies Pvt Ltd".


  • OK, I created a LAN to LAN firewall rule. With Firewalls off I can ping backwards and forwards. If I turn the rule off I lose the ability to ping.

    I cannot RDP or \\hostname\ to any.

    Peter
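
The drop-capture records posted earlier in the thread all carry `log_subtype=Denied` with `inzone_id` and `outzone_id` both set to 1. The Python below is an added example, not part of any post in the thread: it groups such same-zone denials by subnet pair and service. The /24 prefix lengths, the network labels and the function names are assumptions, and the sample records are abridged from the thread's output with wrapped lines rejoined.

```python
import ipaddress
import re
from collections import Counter

# Interface addresses come from the original post; the /24 prefix lengths
# and the short labels are assumptions made for this example.
LAN_NETS = {
    "admin": ipaddress.ip_network("172.16.16.0/24"),
    "home": ipaddress.ip_network("192.168.8.0/24"),
    "pc-100": ipaddress.ip_network("192.168.100.0/24"),
    "pc-10": ipaddress.ip_network("10.1.1.0/24"),
}

# Abridged from the drop-capture output posted in the thread: wrapped lines
# rejoined, fields not used below omitted.
SAMPLE = """\
2022-09-17 09:42:37 0101021 IP 10.1.1.2.60145 > 192.168.8.190.161 : proto UDP: packet len: 86 checksum : 60535
0x0000:  4500 006a 7a38 0000 8011 ebe1 0a01 0102  E..jz8..........
Date=2022-09-17 Time=09:42:37 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied in_dev=Port4 out_dev= inzone_id=1 outzone_id=1 source_ip=10.1.1.2 dest_ip=192.168.8.190 l4_protocol=UDP source_port=60145 dest_port=161 fw_rule_id=4
Date=2022-09-17 Time=09:42:40 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied in_dev=Port6 out_dev= inzone_id=1 outzone_id=1 source_ip=192.168.8.97 dest_ip=10.1.1.2 l4_protocol=ICMP icmp_type=8 icmp_code=0 fw_rule_id=4
Date=2022-09-17 Time=09:42:41 log_id=0101021 log_type=Firewall log_component=Firewall_Rule log_subtype=Denied in_dev=Port4 out_dev= inzone_id=1 outzone_id=1 source_ip=10.1.1.2 dest_ip=192.168.8.190 l4_protocol=UDP source_port=60145 dest_port=161 fw_rule_id=4
"""

# key=value pairs; values may be empty (out_dev=) and keys may be indexed (pbrid[0]).
KV = re.compile(r"([\w\[\]]+)=(\S*)")


def parse_record(line):
    """Return the key=value fields of one 'Date=' record, or None for the
    packet header and hex-dump lines that precede it."""
    if not line.startswith("Date="):
        return None
    return dict(KV.findall(line))


def net_label(ip):
    """Map an address to one of the LAN_NETS labels, or 'other'."""
    addr = ipaddress.ip_address(ip)
    return next((n for n, net in LAN_NETS.items() if addr in net), "other")


def denied_same_zone(text):
    """Count denied flows whose ingress and egress zone ids match, keyed by
    (source net, destination net, service, fw_rule_id, in_dev)."""
    flows = Counter()
    for line in text.splitlines():
        rec = parse_record(line.strip())
        if rec is None or rec.get("log_subtype") != "Denied":
            continue
        zone = rec.get("inzone_id")
        if zone is None or zone != rec.get("outzone_id"):
            continue
        if rec.get("l4_protocol") == "ICMP":
            service = "ICMP type " + rec.get("icmp_type", "?")
        else:
            service = f"{rec.get('l4_protocol')}/{rec.get('dest_port')}"
        key = (net_label(rec["source_ip"]), net_label(rec["dest_ip"]),
               service, rec.get("fw_rule_id"), rec.get("in_dev"))
        flows[key] += 1
    return flows


if __name__ == "__main__":
    for (src, dst, svc, rule, dev), n in denied_same_zone(SAMPLE).items():
        print(f"{n}x {src} -> {dst} {svc} denied, fw_rule_id={rule}, in_dev={dev}")
```
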

  • Hello Peter,

    Thank you for the update.

    As mentioned you do need a LAN to LAN Firewall rule for the devices to communicate.

    Even with the Firewall Rules enabled you are not able to RDP?

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
  • I have successfully been able to RDP to the 10.1.1.1 network using both IP and Hostname.

    Still struggling with the other but trying a few things.

    Peter

  • I redid the 192.168.100.x network as 10.1.2.x and still had an issue; eventually I discovered that it was the PC: it would not accept RDP. Booted into WIN7 (dual boot), checked the IP, and was able to RDP to the IP address, not the hostname, but I think the Hosts file might resolve that.

    Peter