I can't ping the GW IP from LAN through XG Firewall

Hi to all,

I'm new to the Sophos XG firewall world and I have a strange issue...

I have one XG210 unit in my lab. I have one LAN network and one WAN network (very simple lab). When I configure the WAN port with a static IP address, I can't ping the GW router (this is the gw in my company and works fine), and when I configure the WAN port as a DHCP client, when the DHCP server leases the IP to the XG, I can reach the GW without any problems... When I can't reach the gateway by ping, I'm able to browse the internet...

Does anyone know why??? I have checked the subnet mask and it is configured properly...

Thanks for all!!!

Kind Regards,

David



This thread was automatically locked due to age.
  • Hello David, 

    It seems like an ARP issue when you are using the static IP. Do you use the same IP that you get via DHCP or another?

    Can you also ensure that the same IP is not being used anywhere else in the network?

    Regards,

  • Hi,

    I haven't seen a route in our core switch that matches this traffic...

    I'm using another IP address to configure the WAN port and now all is working!!

    Thanks!!

    Regards.

    David.

  • Hi David,

    As Varun suggested, ARP is indeed an issue on your gateway. You may manually initiate the ARP request to your gateway via console access.

    console >system diagnostics utilities arp ping source 1.1.1.1 interface PortB 1.1.1.2

    In the example, 1.1.1.1 is the WAN configured on the XG device, PortB is the WAN interface and 1.1.1.2 is your gateway address.

    Check if you are able to receive the reply; if so, try to ping again from the console itself.

    console >system diagnostics utilities ping sourceip 1.1.1.1 interface PortB  1.1.1.2

    If you have received the reply then you are good to go; if not, and you are able to browse, then try to ping 8.8.8.8. If you are able to receive a reply, then change the address of your gateway to 8.8.8.8.

    If by any chance you are not able to ping 8.8.8.8, then you may use any HTTP website and change the failover condition to TCP instead of ping and type any host address accessible on the WAN.

  • David,

    Did you fix your issue?

    Thanks

  • Hi,

    Yes, I fixed the issue... The problem was a static route configured in our CORE switch, which included the IP that I was using for my tests. Then, when I tried to reach the CORE switch (it is the gateway in our network), the traffic was matching this static route and it sent the traffic via another gateway...

    Thanks for all!!

    Regards,

    David.
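
The root cause reported in the last post, a static route on the gateway that also covers the firewall's WAN address, can be checked before an address is assigned. The following is an added example, not part of the thread: the routing table, prefixes and next hops are constructed, and it assumes the switch selects the longest matching prefix, as IP routers do.

```python
import ipaddress

# Constructed routing table for a hypothetical core switch (not from the thread).
# Each entry: (prefix, next hop or None for a directly connected subnet, kind)
CORE_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", "static"),            # default route
    ("192.168.10.0/24", None, "connected"),            # subnet shared with the WAN port
    ("192.168.10.64/28", "192.168.10.254", "static"),  # forgotten, more specific route
]

def lookup(routes, ip):
    """Return (network, next_hop, kind) chosen by longest-prefix match, or None."""
    addr = ipaddress.ip_address(ip)
    matches = []
    for prefix, next_hop, kind in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net:
            matches.append((net, next_hop, kind))
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def reply_path(routes, ip):
    """Describe where the switch sends a reply addressed to ip."""
    route = lookup(routes, ip)
    if route is None:
        return "unreachable"
    _net, next_hop, kind = route
    return "direct" if kind == "connected" else f"via {next_hop}"

def hijacked_hosts(routes, subnet):
    """Hosts of the connected subnet whose replies leave via another gateway."""
    return [str(h) for h in ipaddress.ip_network(subnet).hosts()
            if reply_path(routes, str(h)) != "direct"]

if __name__ == "__main__":
    for candidate in ("192.168.10.20", "192.168.10.70"):
        print(candidate, "->", reply_path(CORE_ROUTES, candidate))
    bad = hijacked_hosts(CORE_ROUTES, "192.168.10.0/24")
    print("addresses to avoid:", bad[0], "-", bad[-1])
```

An address for which `reply_path` returns anything other than `direct` will show the symptom from the thread: the gateway's echo replies are forwarded to the other next hop instead of being delivered on the shared subnet.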