Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 9 replies
  • Subscribers 27 subscribers
  • Views 7603 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall not passing data

DougScudder

Had to install XG firewall in a virtual machine, VirtualBox, gave the VM exclusive access to the network interfaces, WAN is picking up IP from my ISP, but I am unable to connect to Internet through the firewall.  I added a rule allowing all traffic to pass from LAN to WAN but without any success.  Any ideas?  Any help is very welcome!



This thread was automatically locked due to age.
  • 0

    Doug,

    if XG is installed as VM on a Computer, I am sure you have at least 2 different vNIC dedicated to XG (one for LAN and one for WAN). Also, how are the other computer connecting to XG?

    Make sure proper virtual settings are configured.

    Please share a mpa of what you would like to achieve.

    Regards

  • 0

    Hi,

    Check 3 points.

    1. Does your firewall rule gave Masquerading defined?

    2. Is your WAN gateway green inside the WAN link manager?

    3. Proper DNS settings.

    Finally, show me drop packet capture logs and what error message do you get while surfing.

    Thanks

  • 0 in reply to lferrara

    I have two NICs in the host computer.  Both NICs are configured to give exclusive access to the XG VM.   I have a small switch that connects all the other devices to the XG.  It is a very simple setup: networked devices connected to a layer 2 switch, switch connected to LAN interface on the XG, XG WAN interface connected to cable modem.  I am receiving a public address from my ISP via DHCP and the DNS settings point to my ISP's DNS servers.  I can't reach anything on the Internet.  Pings 100% failure from the LAN interface.

  • 0 in reply to sachingurung

    My firewall does not have Masquerading defined.

    WAN interface is green inside the WAN Link Manager

    DNS is pointed at my ISP's DNS servers.

    I will gather a drop packet capture log and post it this evening.

  • 0 in reply to sachingurung

    I have the default MASQ policy in place, unaltered.  I cannot find a way to save the packet capture.  I have moved the XG to a different, dedicated machine (no VM) with two network interfaces.  When I completed the installation, but before I logged into the Web Interface, I had Internet access.  After first logging in to the Web Interface and after registering and synchronizing licenses, but before starting the config wizard, I still had Internet.  Once I started the config wizard, accepting defaults on everything, I lost connection.  I went in through the console, reset to factory defaults and still no Internet.

  • 0 in reply to DougScudder

    Doug,

    can you share a screenshot of your firewall rule?

    Is the XG able to surf on internet?

    Thanks

  • 0 in reply to lferrara

    I can ping, traceroute, and lookup up from Port 2 - WAN, but not from Port 1- LAN.  Here are screenshots of the two rules, the second was automatic in the initial config.

     

  • +1 in reply to DougScudder

    Doug,

    Remove the "match know users " and you will be able to surf.

    With that checkbox enabled, you have to authenticate in some way otherwise firewall will deny unknown users.

    Regards

  • 0 in reply to lferrara

    That did the trick, for the most part.  I can get to a number of websites, but none of my news sites and some others, as well.  I get a 500 error and a message that the website isn't working properly.  I have  web filtering and IPS shut off for testing purposes.  Thanks for your help!