Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 28 subscribers
  • Views 32204 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

After initial setup, no Internet access (includes diagram)

Peter Nelson

Hi all

 

I have set up Sophos XG Home on a supported Qotom mini PC. Per my diagram I can login to the XG, configure it but no LAN device can get access to the Internet. The Sophos Control Center has the Interface icon in red with an exclamation mark.

 

https://www.draw.io/#W78AE145D55D6C5E3!28456

 

It's in Bridge Mode, LAN Port 1 is connected to the modem/router and LAN Port 2 is connected to the LAN switch.

 

What have I missed?

   

Thanks



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to Peter Nelson

    Hi Peter,

    the rule could be any zone (source) any to any zone destination any -> allow all. What I can't see is your MASQ (NAT) rule.

    Next question is why are you using the modem as gateway rather than bridged mode and have the XG be the true gateway and only one NAT.

    Which device is providing your DHCP function?

  • 0 in reply to rfcat_vk

    rfcat_vk

     

    The modem/router is providing DHCP. Are you saying I should disable all routing functions from the device and use the XG to be DHCP, NAT etc etc?

  • 0 in reply to Peter Nelson

    Hi Peter,

    that would make debugging easier and filter creation simpler.

  • 0 in reply to Peter Nelson

    i have same config as you, here are my two rules (one for in and one for out).

    Also don't enabled MASQ as it can affect some of those layer 2 packets that are non routable, for example it broke some of the discovery i needed for my router control SW and IMO isn't needed in this scenario

     

    here is the summary of the bottom rule as an example, hope that helps.

    Summary

    All Inbound

    Allow

    Rule

    Accept any service going to "LAN" zone, when in "WAN" zone, and coming from any network, scan for malware then check with Sandstorm and log connections, then apply IPS policies

    Source & Schedule
    WAN

    Source Networks and Devices : Any
    During Scheduled Time : All the Time

    Destination & Services
    LAN

    Destination Networks : Any
    Services : Any

  • 0 in reply to Alex Balcanquall

    Thanks Alex, I will try this and see how I go.

  • 0 in reply to Peter Nelson

    OK, thanks for your help guys. I eventually got it going by:

    • setting my Bigpond cable modem/router as a modem only
    • Set the XG device as the DHCP server

     

    I still had no Internet access until I told the XG to get it's WAN interface IP by DHCP, which must have been passed through by the Bipond/Netgear device. I now have the XG funneling traffic through.

     

    I now need to understand how to apply web/application and firewall rules X-/

     

    Cheers