if my theory is correct...

I feel like laughing like Tom Hanks in the movie The Money Pit when his bathtub fell through the floor.  Tom Hanks - Laughing

Because of Asymmetric routing, I had to enter a bypass-stateful rule for My LAN to My Datacenter's LAN, then My Datacenter's LAN to my Wan.

Looking at the configuration of the Datacenter's on the premises router...I see the following...

access-list 190 remark ACL-for-dynamics-NAT
access-list 190 permit ip 'My LAN' 0.0.1.255 'Datacenter's LAN' 0.0.0.63

Does that mean the Datacenter's firewall team could have saved me a lot of time when I told them the NATs were not working on computer network by saying I have Asymmetric Routing or we need to look at the access-list to see what's going on?



This thread was automatically locked due to age.
  • BRO,

    you are opening a lot of threads and nothing against this, but make sure you really understand how XG works. I suggest you take a Sophos XG course before configuring it in an environment where there are several routing/NAT and other advanced stuff.

    You are still fighting against asymmetric routing...

    Make sure you give the proper information here and even when you contact the Support/Professional Services.

    If you need advanced help, send me a PM.

    Regards

  • Sorry, I forgot about the previous thread and noticed it after I made this post.  I currently have the failover HA unit in bridge mode running on the network.

    It's been a week since I entered the bypass stateful rules and the Lab had no more problems with their equipment.  When I first got the XG I figured out how version 15 worked by spending all of last December working on it, then version 16 came out and I had to figure everything out again.

    I already used 8 hours of Support/Professional Services on setting up the XG.  I feel like I am getting real close to getting this project done.  I thought I could skip the Sophos XG course when I got 8 hours of Pro Services and had a dedicated VPN firewall team at the Datacenter.  That's what I get for assuming everything is going to go smoothly.

    I got the email protection running on the bridge, a little trouble with spam filtering but at least spam is stopped and my mail server is protected while keeping the network up and running.

  • Thanks BRO.

    Taking the XG course is useful even for those who have experience with Firewall and Routing.

    I have replied to some of your threads. Make sure you mark as answered.

    Also, when the project is closed, we would like to hear from you (feedback on XG).

    Regards
