No internet connectivity if ISP router in DMZ

Been running into this issue with the XG series. Basically, the ISP router has the ability to go into advanced DMZ, giving the specified device the WAN address. On the SG series, this worked like a charm: the WAN link gets the public IP, internet works, and I can also still access the ISP router's admin page.

 

With the XGs, the firewall will get the public IP as expected, however that's where it stops. Internet doesn't come up, and I cannot access the ISP router's admin page. I'm guessing it may be a manual route I need to make, however I'm not sure where I'd need to do it. If I give the WAN port an alias on the DHCP scope from the ISP modem, I'm able to get to the admin page. Any ideas?




    Above is the setup that always worked with the SG series. The ISP modem gets a dynamic public IP and has Advanced DMZ enabled with the WAN port MAC assigned. On the XG, it is receiving the public WAN IP via DHCP, however it cannot access the internet, ping the gateway, etc. It also cannot access the ISP modem's admin page at 192.168.1.254. If I give the WAN port an alias IP in the ISP modem's LAN scope, I can then access the modem admin page, however internet still remains down.

    This is the workaround. The ISP modem config remains the same, however I statically assign an IP in the ISP modem's LAN scope to the XG's WAN port and use the ISP modem's LAN IP as the default gateway. Immediately internet begins working, however I cannot access the admin portal, user portal, or SSL VPN externally unless I forward the needed ports from the ISP modem. I can access the ISP modem's admin page as well.

    Same scenario but with an SG firewall. The SG gets the public address via DHCP from the ISP modem. I can access the internet without issue; additionally, the admin and user portals and SSL VPN work without needing to port forward. I can also still access 192.168.1.254 from inside the SG firewall's LAN.

     

    The only thing I can guess is that the SG-series transparently does something with routing tables that the XG doesn't.