Hi everyone,
I am in a bit of a situation here with my Sophos XG Firewall. Earlier today I had to reboot the server that the Sophos VM is in for an unrelated issue. After everything rebooted, I have not been able to connect to the internet at all on any device in the LAN of the XG. Since I set the firewall up a few weeks ago, I have seen a bunch of firewall logs that show the source IP of 192.168.1.1 making a bunch of random entries that are blocked. For example, the log is full of "Appliance access denied" from 192.168.1.1 with a destination of 255.255.255.255.

My internet infrastructure is as follows: internet (coax) from the ISP goes to the modem, the modem's Ethernet output goes to the Eero gateway, and the Eero's other LAN port connects to a small switch going to the host PC and the WAN port of the XG. For simplicity, I have the Sophos XG VM's internet ports completely separate from the host operating system and other VMs. The server PC has 1 Ethernet port for the host OS and all other VMs, and 2 Ethernet ports dedicated to Sophos XG. It sounds a lot more complicated than it is.
The reason I bring up the issue about the host OS making a bunch of entries in the firewall log is that I think it might be related. I have no idea that the host OS is connecting to the WAN port of the XG, but it has never caused any issues before, so I didn't look into it. Now, no devices are able to connect to the internet. If I go to any device connected to the XG LAN, it just says no internet. I can't even access the web GUI of Sophos. If I log into Sophos Central, I can see the logs are full of "Appliance Access Denied" errors coming from 192.168.1.1 going to random addresses such as 192.168.255.255 on random ports. If I go to connected users and sort by source IP address, 192.168.1.1 does not show up there. All of the firewall rules show 0B in and 0B out.
Any ideas?