Firewall Traffic/Rules

are you using your netgear in modem mode or router mode??

Ideally u should use modem mode and then use dhcp on your wan port.

What model is the netgear?

Also what is the ip of your desktop, Default gateway?  Also what is wan link manager saying in network?  The default firewall rule needs to have source rewritting enabled and the masq rule should be the ip of the wan port.

JK

ok, so its a netGear 7000 (AC1900).  I have it set up in Router mode, I have Router, Bridge, ,  One cable is going to from want to P1 on Router (192.168.1.0)  Next I have they Lan on 172.16.16.16.)  My Macbook will connect will connect on Wifi when I set it to 172.16.16.8 / 255.255.255.0/192.168.1.1)   My wan link manager is showing IP4 Gateway 192.168.1.1 Interface port 2 192.168.1.252.  NAT MASQ status is green.   The rule is enabled for Masq rewriting. 

Michael, if you want to have the same netgear ip network behind XG, you need to create a bridge. Use the wizard from XG admin page as described here:

Regards

OK so You dont need to bridge the router and XG, have you enabled DHCP on Sophos XG yet for the LAN network??  You need to set that up to give devices addressing, make sure you tick the option Use interface as default gateway.

Your macbook has the wrong Default gateway so it wont get internet.  The DG of the LAN devices has to be the IP of the LAN port on XG so 172.16.16.16 in this case.  You should really change the LAN IP anyway to something like 172.16.16.1.

If you want to test this theory just change the Default gateway on your Macbook to 172.16.16.16 do that and you should get net.

JK

When I put it in bridge mode the last time, the only way i could get in the Console gui is when I had a cable plugged in to the Lan Port, if I put both a lan and wan cable in, I could get to the lan but the internet was down.....and it still didn't pass traffic through the firewall.  it just showed 1m network attacks after I plugged back in to the lan. whats even more confusing to me when it was in bridge mode was why I couldn't get to the gui if I was "bridged". 

Ok So I set up DHCP, changed my lan IP to 172.16.16.1 and set the gateway on my Mac to the same,and I still have no traffic going through the firewall, I show the interface is up, but no sessions.   When I changed the Mac gateway, I still can Ping the web but not surf. 

Id change XG back to Gateway mode and then setup the LAN using 172.16.16.0 / 24 and add DHCP for it.  if you can get the the ui go through the wizard again from the drop down top right where user name is.

Ive had similar setup working, router then XG.  It will need DMZ setup on the netgear to the WAN IP of xg but it will work that way.

as i said the Mac had the wrong dg. if its ip is 172.16.16.8 / 24 it wont find the DG 192.168.x.x.  Its DG should be The XG lan IP.

Hope that helps, bridge mode ive not actually use myself it depends on what u want to use XG for.  You hoping to use it as your main firewall or just some features?

JK

What mode is it in now? bridge or gateway? if its in bridge that fix wont work i dont think u need to put in gateway mode again.

Its in Gateway mode, I have a Crossover going from Wan Port to  Router, another Cross over going from Lan to Router. 

No crossover cables, straights u use.

Also why u connecting both ports to the Router??

what do you want XG to do specifically?

JK

Try straight cables and then see if it makes a difference??

JK

Try straight cables and then see if it makes a difference??

JK

Made no difference