Firewall Traffic/Rules

Hi Michael,

Check #1.1 in my troubleshooting guide and take a packet capture on the Source IP address. You can see which FW-rule ID forwards the traffic. If you are able to ping but the traffic is not accounted on the fw-rule then you have a different issue.

Thanks

Hi Michael,

Check #1.1 in my troubleshooting guide and take a packet capture on the Source IP address. You can see which FW-rule ID forwards the traffic. If you are able to ping but the traffic is not accounted on the fw-rule then you have a different issue.

Thanks

Since it appear my problem to be  Asymmetric routing i added the bypass rule.  its unusual because I also did a show packet dump and the system shows traffic out 172.16.16.23 to 172.16.16.9 (macbook Lan) on 550805 with ACK.  The reason i say strange s because I set DHCP as 172.16.16.50-150 and I am seeing 6 DHCP addresses, but still no traffic through the firewall, yet I can do a trace route and it shows me that traffic is going out my 192.168.1.1 gateway. 

on the tracert whats the 1st enty? is it the XG LAN ip??  I think it might be where your router has both the XG LAN & WAN ports in it.  Try taking the LAN port out the router and connecting to a machine then try again.

JK

Ive had my XG in a similar setup myself, my XG WAN port to a router from my ISP.  The XG WAN port is def set to DHCP yeah??

The default firewall rule can you post the whole rules settings pls??

Thanks

JK

Michael,

since you are using crossover cable and connecting both LAN and WAN port to the same router, can you upload a network diagram with all ip and connection made?

I think you are connecting cables in the wrong order.

As i mentioned earlier does it work if you connect a device to the XG LAN port directly??

Also did you swap the crossover cables with straights as i suggested last night??  Not that it matters too much as nowadays modern network devices should auto sense and configure accordingly but you don't need crossovers in this situation ie Gateway mode.

JK

ok, so on the nether everything is 192.168.1.0   I have 20 Devices connected.   On the Sophos  the Wan port is confined as 192.168.1.252/255.255.255.0/192.168.1.1  on the lan port its 172.16.16.1 /255.255.255.0/192.168.1.1.  I show the gateway is up and that I can get out from the 172.x.x.0, but the 172 does not see the 192 network.  The firewall Rule shows no traffic passing on the wan or the lan. 

I missed the directly to the Lan port.  I will do that when i get back.  I switch out the cables to straight and that made no difference. 

Thanks for the diagram.

You have 2 options:

• bridge mode: so the lan cable coming from netgear L2 switch goes to XG LAN port and the netgear r7000 192.168.1.1 goes to XG WAN port.
• routing mode: same connection as bridge, but you need to change devices IP behind XG to something else not used. Wi-fi however will work using Netgear router. So you can buy a Sophos AP and remove the Netgear Router at all and having XG as your router.

This connection will not simply work.

I will Switch back to Bridge mode, but explain to me this, when I do, do I use both Network cables?  Or am I just using one, and which would that be?

you still use both in bridge mode, cross over from XG WAN to router LAN port, straight for XG LAN to router LAN port.

Go through the wizard again to setup the bridge if your changing deployment modes, you bridge ports 1 & 2 on XG then for the Bridging pair IP address give it an address on the subnet used by your router in this case try 192.168.1.200 then SM 255.255.255.0 the bridging pair gateway will be 192.168.1.1.

Then go through the rest of the wizard.

If you did this right XG will be accessible on 192.168.1.200 and the devices on your lan should get IPs from the routers DHCP.

JK