Adding another NIC totally breaks XG Firewall and all dependent rules

Hi. I have been running XG firewall with 2 NICs - LAN and WAN. I decided to add another for DMZ and it totally breaks the firewall. All NICs get reassigned. Port 1 LAN becomes DMZ, Port 2 WAN becomes LAN, and the newly added Port 2 becomes LAN instead of the unassigned DMZ. This is crazy. It wouldn't be so bad if it didn't break all of my rules that depend on Port 2 being WAN, which means when I reassign the new Port 3 to WAN the interface name changes and all business rules that depended on Port2_GW_DHCP get abandoned since this interface no longer exists.

Is this expected? Is there a simple way to rename ports and reassign them to their old name, role, and position? This seems like a major bug.

  • Sorry that no one has suggested a solution for you. I had a similar experience just after I first installed Sophos XG in a VM under ESXi. I added a NIC after the initial configuration, and it re-ordered my already configured NICs. I had not yet added any rules, so it was not much of a problem. I just had to figure out which vnic had been reassigned to my XG LAN port, so that I could log back in.

    If I remember correctly, someone had mentioned in a post that the XG interfaces (Port1, Port2, etc.) are assigned to NICs in MAC address order, so I changed the ESXi-generated MAC address of the newly added NIC to fall at the end of the list of installed NICs. This allowed me to preserve the assignments of the Ports / NICs from my initial configuration and have the new NIC show up as the last interface in XG.

    Good Luck,

    Will

  • Thank you for this! I am running ESXi too. I will give this a shot. You made my day. Nice workaround.