DHCP clients have no internet access

I am new to the Sophos brand of firewalls, so forgive me if this is a simple oversight on my part. I was able to get the XG105 set up with a Comcast static IP address. I was able to set up port 1 (LAN) as my DHCP server as shown in one of the videos posted in this forum. I was able to get a Windows machine to grab an IP address, including gateway (which is the firewall's IP address), on the client machine. I set a firewall rule for internet access to allow any user and any service (HTTPS, HTTP, and DNS) to the WAN. The problem is that I cannot get internet access on the Windows machine. I have flushed DNS, I have disabled/re-enabled the NIC, and rebooted all devices. No internet access on the client that grabbed an IP address from the port running DHCP. This doesn't seem too complex at all, but I seem to be missing something, if anyone cares to help out. Thanks



  • If you connect the XG according to the video that Sophos supplies, the default policy should give you access to the internet but no protection. Did you have this access at the beginning?

    This is my setup for the XG 105

    This is the order of my rules.

     Firewall Rules

    1. Rule Name Lan to Wan

    Set to ACCEPT

    Source Zone Lan                  Source Networks ANY

    Destination Zone Wan        Destination Networks ANY

    Services add the following HTTP, HTTPS, DNS, NTP, PING, SIP for VoIP (if needed).

    Intrusion Prevention Lan to Wan General

    NAT & Routing

    Rewrite source address (Masquerading)

    Put a check mark in Rewrite.

    Use Out Bound MASQ (which is the IP address of your out bound Gateway.)

    Primary Gateway
    WAN Link Load Balance
     
    DSCP Marking Select DSCP MARKING
     
    Traffic Shaping Policy is NONE
     
    ALL OF THE ABOVE IS IN 1 FIREWALL Rule.

    2. Use the Default Policy Rule that Sophos creates. Change it to Drop and place it at the bottom of the list.

    Try this.

    I have more rules to block traffic from the DMZ to LAN and LAN to DMZ. I put a wireless router on the DMZ for guests that need Internet access and people's phones.

    I also created firewall rules to allow remote VPN access.

    Then there is one more rule for VoIP.

    I have a set of 8 rules in total.

    In Configure Network on the Left side column of Options.

    Click on Network.

    Zones make sure you have a check in the DNS box in both LAN and WAN.

    Interfaces

    Port 2 is the Wan.  I have DHCP selected. The Gateway name is filled in.

    There one sets up the DNS, DHCP, and, if needed, Dynamic DNS.

    DNS one can either use DHCP supplied DNS or put in your own DNS.

    See if this helps.
