Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 8 replies
  • Subscribers 27 subscribers
  • Views 12208 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Internet for only a few minutes

Ryan Roger Taer

I configured a new XG 135 to be the main router of our network.  On boot up, it works very well but a few minutes later, all clients suddenly can no longer access to the Internet.  The box itself continues to be connected to the internet and able to ping/traceroute/resolve on the Internet.  It seems it's just not forwarding traffic to outside.

Here's a rough network diagram.

Summary of configuration:

Firewall:

LAN to WAN, from MENA Network to Any, Allow, Apply MASQ and Traffic Shaping

LAN to WAN, from MMC Network to Any, Allow, Apply MASQ and Traffic Shaping

LAN to WAN, from MEU Network to Any, Allow, Apply MASQ and Traffic Shaping

LAN to LAN, from Any to Any, Allow

 

Static Routes:

0.0.0.0/0.0.0.0 213.175.179.201 WAN 0

192.168.11.0/255.255.255.0 192.168.44.2 LAN 0

192.168.22.0/255.255.255.0 192.168.44.2 LAN 0

192.168.33.0/255.255.255.0 192.168.44.2 LAN 0

 

As I said, it would work for a few minutes but will suddenly stop without any changes in configuration.  What am I missing?



This thread was automatically locked due to age.
Parents
  • 0

    Ryan,

    Did you check the firewall logs? What they are saying?

    Ping and tcpdump from affected machine to Internet?

    Thanks

  • 0 in reply to lferrara

    Did some more testing today.  Here's what I know so far:

     

    1. It is not a firewall problem
      • I created an Allow All rule right at the top (from “Any” to “Any” Allow).
      • Log confirms the traffic is allowed through.
    2. It is not a problem with the HP core switch
      • I connected my laptop straight to the Sophos and pretended to be a LAN computer.  Still traffic isn’t going through.
      • Traceroute to any external IP stops at Sophos.  This means the Procurve was able to route the traffic to Sophos.  It just can’t get out of there.
    3. It is not an authentication or quota problem
      • I created a user with unlimited quota or any limitations whatsoever and authenticated my laptop with that user.
      • Sophos detects correctly that my laptop is authenticated.  Still no traffic going through.
    4. It’s not a firmware problem.
      • Both SFOS v15 and SFOS v16 had the same problem.
    5. During all this, Sophos is able to ping any address on the LAN or on the Internet.

    Any other ideas?

Reply
  • 0 in reply to lferrara

    Did some more testing today.  Here's what I know so far:

     

    1. It is not a firewall problem
      • I created an Allow All rule right at the top (from “Any” to “Any” Allow).
      • Log confirms the traffic is allowed through.
    2. It is not a problem with the HP core switch
      • I connected my laptop straight to the Sophos and pretended to be a LAN computer.  Still traffic isn’t going through.
      • Traceroute to any external IP stops at Sophos.  This means the Procurve was able to route the traffic to Sophos.  It just can’t get out of there.
    3. It is not an authentication or quota problem
      • I created a user with unlimited quota or any limitations whatsoever and authenticated my laptop with that user.
      • Sophos detects correctly that my laptop is authenticated.  Still no traffic going through.
    4. It’s not a firmware problem.
      • Both SFOS v15 and SFOS v16 had the same problem.
    5. During all this, Sophos is able to ping any address on the LAN or on the Internet.

    Any other ideas?

Children