Guest User!

You are not Sophos Staff.

Thread Info
  • Locked Locked
  • Replies 11 replies
  • Subscribers 29 subscribers
  • Views 23635 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos xg85 WLAN - separate zone issues

frozeneye

Hi,

with our new xg85 for our Branch Office we have a Problem with the guest WLAN with separate zone. Most Websites are hanging and some doesn't come up completeley.

With a test WLAN with bridge to ap-lan everything works fine.

This are normal wlans with wpa2 personal/AES Security. For the guest WLAN the policy ist set from  this LAN-segment  with any services to wan is allowed. Same rule for bridge-to LAN works perfect.

Any hints?

Thanks you,

best regards,

Markus



This thread was automatically locked due to age.
Parents

  • Hi Frozen,

    WLAN Separate seems fully functional in my test environments, out of curiosity can you check that DNS is allowed on the System > Administration > Device access page.

    When I first set up a separate zone in Beta I had a similar issue and it was because I had accidentally turned off DNS for the Guest Zone wireless.

    Probably a non issue but I've had that happen to a customer and I and it was a head scratcher for a moment!

  • in reply to Emile Belcourt

    Hi Emile,

    thanks but this was not the issue... DNS is active....

    Any other hints?

  • in reply to frozeneye

    Hi Frozen,

    I'm just gonna ask some starting Qs:

    Did you create the interface for the Separate Zone under System > Networks > Interfaces?

    Did you add the interface to an appropriate zone?

    Is that Zone able to do DNS under System > Administration > Device Access?

    Do you have DHCP for the SZ Wireless Network?

    (Follow on) Does the SZ Wireless Network DHCP point the users for DNS to the XG?

    (If not) Is there a policy rule to allow hosts in the SZ zone/subnet to DNS your internal DNS?

    (if yes) are you able use CLI NSLookup to point at googles DNS server to get a response?

    Do you have a policy for testing purposes to allow Any Service from the SZ network out to the internet?

  • in reply to Emile Belcourt

    Hi,

    i have since yesterday an AP15 in use. And i have the same Issue. Some Sites (www.speedtest.net) or IOS App ( Clash Of Clans) not working.

    Other Sties and Apps etc working. When i switch the Client Traffic to "Bridge to AP LAN" works all.

    MR-2 running. 

    Need Help

    Regards

Reply Children
No Data