Guest User!

You are not Sophos Staff.

Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 41 replies
  • Subscribers 28 subscribers
  • Views 106610 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Firewall Traffic/Rules

MichaelCreamer

I am now having an issue with my firewall rules.  Traffic does not seem to be passing through them.  I also don't see any sessions.  I have it set up in gateway mode, and port 2 directly connected to my NetGear Router.  I see the gateway is up and I can ping out.  Little help please

 



This thread was automatically locked due to age.
Parents
  • 0

    Hi Michael,

    Check #1.1 in my troubleshooting guide and take a packet capture on the Source IP address. You can see which FW-rule ID forwards the traffic. If you are able to ping but the traffic is not accounted on the fw-rule then you have a different issue.

    Thanks

  • 0 in reply to sachingurung

    Since it appear my problem to be  Asymmetric routing i added the bypass rule.  its unusual because I also did a show packet dump and the system shows traffic out 172.16.16.23 to 172.16.16.9 (macbook Lan) on 550805 with ACK.  The reason i say strange s because I set DHCP as 172.16.16.50-150 and I am seeing 6 DHCP addresses, but still no traffic through the firewall, yet I can do a trace route and it shows me that traffic is going out my 192.168.1.1 gateway. 

  • 0 in reply to MichaelCreamer

    on the tracert whats the 1st enty? is it the XG LAN ip??  I think it might be where your router has both the XG LAN & WAN ports in it.  Try taking the LAN port out the router and connecting to a machine then try again.

     

    JK

  • 0 in reply to john_kenny

    Ive had my XG in a similar setup myself, my XG WAN port to a router from my ISP.  The XG WAN port is def set to DHCP yeah??

     

    The default firewall rule can you post the whole rules settings pls??

     

    Thanks

     

    JK

  • 0 in reply to MichaelCreamer

    Michael,

    since you are using crossover cable and connecting both LAN and WAN port to the same router, can you upload a network diagram with all ip and connection made?

    I think you are connecting cables in the wrong order.

  • 0 in reply to MichaelCreamer

    As i mentioned earlier does it work if you connect a device to the XG LAN port directly??

    Also did you swap the crossover cables with straights as i suggested last night??  Not that it matters too much as nowadays modern network devices should auto sense and configure accordingly but you don't need crossovers in this situation ie Gateway mode.

    JK

  • 0 in reply to lferrara

    ok, so on the nether everything is 192.168.1.0   I have 20 Devices connected.   On the Sophos  the Wan port is confined as 192.168.1.252/255.255.255.0/192.168.1.1  on the lan port its 172.16.16.1 /255.255.255.0/192.168.1.1.  I show the gateway is up and that I can get out from the 172.x.x.0, but the 172 does not see the 192 network.  The firewall Rule shows no traffic passing on the wan or the lan. 

  • 0 in reply to john_kenny

    I missed the directly to the Lan port.  I will do that when i get back.  I switch out the cables to straight and that made no difference. 

Reply Children
No Data