XG + Unifi / VLAN = No internet

I just cannot figure this out now. Been trying this for a day and desperately need your advice on this.

I am trying to build a simple separated (isolated) VLAN from Ubiquiti Unifi AP Network to Internet route:  Unifi AP -> Unifi Switch -> Sophos XG.

The AP clients get an IP and gateway fine from XG DHCP, but all my clients on that network say "No internet" while they can access the networks in my LAN. It should be exactly the other way around: internet access but no access to any device in my LAN. Just a simple isolated pipe from AP to internet. No go with the present settings.

Everything else works. Other networks from the APs to the internet work fine, the whole LAN works fine, I can access the internet from everywhere, but I just cannot get the isolated VLAN to work.

Here is my setup:

Sophos XG:

Unifi:

What am I doing wrong?



  • Hi,

    Please try changing the source network "myvisitors" to a network address "myvisitors network" = 10.10.20.0/24.

    ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi,

    Thanks for the prompt answer. I was not sure what you meant by changing the "source network". Did you mean changing the rule's source network name? Like this? No go.

    Here are a few more details from the AP clients (Win11 + Android): the connection says NO internet.

    DHCP data is fine

    but I just cannot get data using an internet browser (Firefox).

    Android devices say "connected without internet" when I connect to this VLAN network.

    But what is strange to me is that at the same time as there is no internet for Win11, I can ping Google!

    (There is only one NIC = WiFi in the computer, and therefore it is impossible to get data from another connection.)

    And this should be an isolated VLAN, yet I can still ping all the devices in the networks:

    Just can't figure this out. I may be stupid or just tired but there is something fishy here now.

  • You are currently using the interface address, not the network. I suggested you change the interface name in the firewall rule to the network address range.

    "myvisitors" is the name of your interface; "myvisitors network" is the name of the network attached to the myvisitors interface.

    e.g. source LAN, source network is 10.10.20.0/24

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.
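To illustrate Ian's point about the interface address versus the network object, here is a small first-match rule evaluator. This is an added example, not Sophos code and not the rules from the original post; the zone names, rule names, the client address 10.10.20.50 and the interface address 10.10.20.1 are constructed for the illustration (only the 10.10.20.0/24 network comes from the thread). It shows that a source object holding the interface's own /32 address can never match traffic from a client, so such a rule is skipped and the firewall falls through to whatever rule comes next; the object that matches client traffic is the network range.

```python
import ipaddress
from dataclasses import dataclass


@dataclass
class Rule:
    """Simplified zone-to-zone rule (constructed model, not the XG rule format)."""
    name: str
    src_zone: str
    dst_zone: str
    src_net: ipaddress.IPv4Network  # source object: /32 for an interface address
    action: str                     # "ACCEPT" or "DROP"


def first_match(rules, src_zone, dst_zone, src_ip):
    """Return (rule name, action) of the first rule matching the flow.

    Falls through to a constructed default DROP when nothing matches.
    """
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.src_zone == src_zone and r.dst_zone == dst_zone and ip in r.src_net:
            return r.name, r.action
    return "default", "DROP"


# Assumed interface address of the guest VLAN (not stated in the thread).
GUEST_IF = ipaddress.ip_network("10.10.20.1/32")
# The network object Ian recommends: 10.10.20.0/24.
GUEST_NET = ipaddress.ip_network("10.10.20.0/24")


def build_rules(src_obj):
    """Isolated-VLAN policy: guests may reach WAN, guests may not reach LAN."""
    return [
        Rule("guest_to_wan", "GUEST", "WAN", src_obj, "ACCEPT"),
        Rule("guest_to_lan", "GUEST", "LAN", src_obj, "DROP"),
    ]


def evaluate(src_obj, client="10.10.20.50"):
    """Evaluate a constructed guest client against both rules."""
    rules = build_rules(src_obj)
    return {
        "wan": first_match(rules, "GUEST", "WAN", client),
        "lan": first_match(rules, "GUEST", "LAN", client),
    }


if __name__ == "__main__":
    # With the interface /32 as source, neither rule matches client traffic.
    print("interface address:", evaluate(GUEST_IF))
    # With the network object, the client hits the intended rules.
    print("network object:   ", evaluate(GUEST_NET))
```

In the interface-address case both lookups fall through to the default, which is why the intended allow/deny pair never takes effect for the clients; with the /24 object the client is accepted towards WAN and dropped towards LAN. The real rule base on the XG also contains other rules not shown in the thread, so this model only demonstrates the object mismatch, not the exact symptom described above.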