
My XG Firewall is not routing between interfaces

Hi All,

I'm running Sophos XG home on Hyper-V and this is my current setup:

2 VMnics connected to an internal vswitch; the first VMnic has VLAN 2 tagged and the second has VLAN 3 tagged. The XG has two ports or interfaces, 192.168.2.254 and 192.168.3.254. There is nothing wrong with this; it's all about putting in the right firewall rule.


Basically, if there is a computer in either of the networks, it can only communicate within its own network, not across the two networks.
I created two host objects for 192.168.2.0/24 and 192.168.3.0/24 and created a firewall rule, and they still won't communicate. I also tried the same firewall rule with ports or interfaces. I tried any source network and destination network and none of them work.


I'm sure there is something blocking them because I can see from the firewall logs that packets from one network to the other are denied. I unticked "match known users" and it made no difference.
I tried this with Sophos UTM and had no routing issues as soon as a firewall rule was created to allow routing, and now I want to start using XG but can't get past this.


Can someone please help me?



This thread was automatically locked due to age.
  • Question: what is it you are trying to accomplish here? If you tagged the NICs, where did you tag them? Did you tag the interfaces on the Sophos?

    If you have a BPF setup, it should give you a reason the traffic is dropped. I'm not totally certain why you have the VLAN tagging, as at a routing level you don't usually use that unless both were hooked up to a similarly tagged switch to provide network access on different networks through the same switch. You'd also want to ensure that the switch port(s) in question are PVID'd and/or tagged, or whatever the switch vendor's nomenclature is, depending on what you're trying to accomplish.

     

    Cheers.
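The reply's first question (where the VLAN tagging lives) can be answered from the Hyper-V host. The following is an added example, not code from the thread or from Sophos, and it assumes the XG VM is named "SophosXG" and its two adapters "LAN2" and "LAN3" (placeholder names); it shows whether each adapter is in access or trunk mode, which decides whether the XG interface should be a plain interface or a VLAN sub-interface.

```powershell
# Added example (not from the thread): inspect how VLANs are applied to the XG VM's
# Hyper-V adapters. Assumes VM name "SophosXG" and adapter names "LAN2"/"LAN3" (placeholders).
$vmName = 'SophosXG'

# Show each adapter's VLAN mode. In Access mode the virtual switch strips the 802.1Q
# tag before frames reach the VM, so the matching XG interface must be an untagged
# (plain) interface. In Trunk mode the VM sees the tags, so the XG would need a VLAN
# sub-interface with the same VLAN ID on top of the physical interface.
Get-VMNetworkAdapterVlan -VMName $vmName |
    Select-Object VMName, ParentAdapter, OperationMode, AccessVlanId, NativeVlanId, AllowedVlanIdList |
    Format-Table -AutoSize

# Confirm both adapters are attached to the same internal switch; VLAN IDs only
# separate traffic that shares a switch.
Get-VMNetworkAdapter -VMName $vmName |
    Select-Object Name, SwitchName, MacAddress |
    Format-Table -AutoSize

# Apply the setup described in the question: one adapter per VLAN, in access mode.
# With this, the XG sees untagged frames on each port and no VLAN tagging is needed inside it.
Set-VMNetworkAdapterVlan -VMName $vmName -VMNetworkAdapterName 'LAN2' -Access -VlanId 2
Set-VMNetworkAdapterVlan -VMName $vmName -VMNetworkAdapterName 'LAN3' -Access -VlanId 3
```

If the XG interfaces were also configured as VLAN sub-interfaces while the adapters are in access mode, the XG would never see tagged frames and the log entries would show drops rather than routed traffic, which is the first mismatch to rule out before revisiting firewall rules.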
