Routing Rules

So I have another firewall set up on our LAN which is being used to direct traffic for a piece of software we use to their data centers. (I have no control over this device.) The way we have it set up currently in our old SonicWall is just 4 sets of IP addresses being routed to the other firewall that is on our LAN, which is acting as the gateway in the routes. Works fine.

Found out the hard way that you can't just set up static routes in XG; you must also set up a rule to allow the 4 sets of IP addresses to connect to the other firewall. The software runs fine until we need to print something through a print server at their data centers, which then gets routed back to our local printers. It doesn't seem to be making it through to the printers that are on the LAN. In the pic you can see outgoing traffic but no incoming traffic. The CDK incoming rule is just something I created recently but haven't tested yet. It is just a clone of the outgoing rule except the source and destinations are flipped. The printers rule is something that Sophos Tech Support added but doesn't work. I'm not sure if this will fix it or not, but I won't be able to test it until off hours.

 



This thread was automatically locked due to age.
  • Jonathan,

    Are the print server and the printers in the same network ID?

    Can you better explain the IP/netmask configuration?

    A network map would help.

    Thanks

  • The print server is not on the LAN, but the printers are.

    We basically need x.x.x.0/24, x.x.x.0/24, x.x.x.192/27, and x.x.x.0/24 to be routed to the VLAN switch which has a local IP of .201. That VLAN is supposed to handle that traffic and send it back through their firewall to the data centers. I set up the static routes and added the rule to allow this and it seems to work fine, but there seems to be an issue with sending traffic back to the LAN where the printers are located.
