SOPHOS V19.02 UPGRADE

Since upgrading the firmware version, a couple of devices have been blocked from sending traffic between the subnet 192.168.1.0 and 192.168.2.0.

I have set up rules to allow traffic to and from the devices but am still unable to ping.

The device in the address 192.168.1.0 trying to ping 192.168.1.23

A device in 192.168.2.0 address trying to ping 192.168.1.23

How do I ensure untimed communication across two subnets?



  • Hello there,

    Thank you for contacting the Sophos Community.

    How are the networks connected to the Firewall? Are they one in one Port, for example, Port1 and Port3?

    If they’re in the same zone, make sure you have a LAN to LAN Firewall Rule or one that matches the zones the traffic is coming from and going to.

    You wouldn't need to add routes in the devices; as long as they use the Sophos Firewall as a gateway, the Sophos Firewall should handle the traffic.

    If the issue persists, try doing a GUI Packet Capture to confirm what Firewall rule the traffic is using. Also make sure the Device Firewall (Windows firewall) is disabled.

    Regards


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos  |  Product Documentation  |  @SophosSupport  |  Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • The network 192.168.1.0 is via port1 LAN zone and 192.168.2.0 is on port5 "subnet1" zone.

    I have created a rule to allow both zones to communicate. I have now noticed only two (DICOM printers in LAN zone port1) out of all devices in the facility are not reachable from the second subnet in the zone.

  • Hello,

    I would recommend you do a GUI Packet Capture for traffic going to the IP of the printers, then do a tcpdump from the CLI of the Sophos Firewall to see if you see the packet leaving Port1 going to the printer, and if you see traffic coming back to the Sophos Firewall on Port1 from the printer.

    If you see the traffic leaving Port1 and not coming back, it is most likely an issue with the printers. At this stage you would be looking to either masquerade the traffic (so the printer thinks the traffic is coming from their own subnet) or check directly in the printer if there’s any setting incorrectly configured.

    An example for the CLI Tcpdump:

    #tcpdump -eni Port1 host 192.168.1.123 and icmp

    Then start a Ping from a computer on 192.168.2.X and see if you see the packet leaving Port 1.

    Regards, 


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
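The request/reply check described in the reply above, as an added example that is not part of the original posts or any Sophos tooling: a Python function that reads saved `tcpdump -en` text output and reports which echo requests to the target never got a reply. It assumes the standard tcpdump text format; the sample lines, MAC addresses, the client 192.168.2.50 and the firewall address 192.168.1.1 are constructed for illustration.

```python
import re

# Matches the IP/ICMP part of a tcpdump -en line; the Ethernet header before it is ignored.
ECHO = re.compile(
    r"(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (request|reply), id (\d+), seq (\d+)"
)

def classify(capture: str, target: str) -> dict:
    """Pair echo requests sent to `target` with echo replies coming back from it."""
    requests, replies = set(), set()
    for line in capture.splitlines():
        m = ECHO.search(line)
        if not m:
            continue
        src, dst, kind, icmp_id, seq = m.groups()
        key = (int(icmp_id), int(seq))
        if kind == "request" and dst == target:
            requests.add((src, *key))      # keyed by the pinging host
        elif kind == "reply" and src == target:
            replies.add((dst, *key))       # reply is addressed to the pinging host
    unanswered = sorted(requests - replies)
    if not requests:
        verdict = "no request left the interface: check firewall rule and routing"
    elif unanswered:
        verdict = "requests left but replies missing: check the target device"
    else:
        verdict = "requests and replies both seen on this interface"
    return {"sent": len(requests), "unanswered": unanswered, "verdict": verdict}

# Constructed sample (not real capture data): a host in 192.168.2.0 gets no reply,
# while a ping from the firewall's own Port1 address (assumed 192.168.1.1) is answered.
SAMPLE = """\
10:15:01.100001 00:11:22:33:44:01 > 00:11:22:33:44:aa, ethertype IPv4 (0x0800), length 98: 192.168.2.50 > 192.168.1.123: ICMP echo request, id 7, seq 1, length 64
10:15:02.100420 00:11:22:33:44:01 > 00:11:22:33:44:aa, ethertype IPv4 (0x0800), length 98: 192.168.2.50 > 192.168.1.123: ICMP echo request, id 7, seq 2, length 64
10:15:03.200000 00:11:22:33:44:01 > 00:11:22:33:44:aa, ethertype IPv4 (0x0800), length 98: 192.168.1.1 > 192.168.1.123: ICMP echo request, id 9, seq 1, length 64
10:15:03.200500 00:11:22:33:44:aa > 00:11:22:33:44:01, ethertype IPv4 (0x0800), length 98: 192.168.1.123 > 192.168.1.1: ICMP echo reply, id 9, seq 1, length 64
"""

if __name__ == "__main__":
    print(classify(SAMPLE, "192.168.1.123"))
```

A target that answers its own subnet but not the routed one matches the case where the reply suggests masquerading the traffic or checking the printer's own network settings.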