
Sophos RED 15 Uplink settings and No internet using Sophos XG Firewall XG310 (SFOS 17.0.0 GA) C3000642RR83FF9

 Hi Everyone,

I have a couple of questions that I would like to ask. I would like to get ideas from other users here or from Experts if I am configuring my Sophos RED 15 wrongly or I overlook some settings.

 

1st Concern: No internet RED (1). RED (2) has internet but can't connect to remote servers.

Uplink settings in Sophos RED 15. Using DHCP and Standard/Unified mode. I will explain my setup and situation then I will ask my questions after.

I would like to tackle this setting first since it's the only one that worked 50% and the other 50% with problems.

I have 2 different business ISPs and 2 Sophos RED 15 on another location. I used an ordinary router to configure the ISP's WAN details, then I connected the router to the Sophos RED 15. The router has Firewall set to Off, other restrictions (if any) disabled, and is set for DHCP. For testing purposes I created 2 different Zones, then I created a Web Policy to allow ALL, then a firewall rule to allow all without any restriction and MAX allocated bandwidth for the traffic shaping. The Sophos RED 15 connects correctly to my Sophos XG Firewall without getting any errors. All four lights are solid.

My Questions and Issues:

  • Network 1, which is connected to the Sophos RED 15 (1), is not getting any internet.
  • Network 2, which is connected to Sophos RED 15 (2), is getting internet but is unable to connect to remote servers.
  • The Sophos XG console shows my 2 Sophos RED 15 as Online, showing in Log Viewer as "Allowed" connections, but 1 has internet and the other none.

What I have tried and additional notes:

  • I have backtracked and redone all Policy, Firewall, Zone and Settings, making sure everything is set to allow all, but still no internet for RED (1). They are able to get an IP address and also able to see the default gateway.
  • Each of RED (1) and RED (2) has its own separate Web Policy, Zone and Firewall settings.
  • Both REDs are configured the same way except for their RED IP and RED DHCP Range.
  • Both have different ISP providers.
  • These were tested here in the main office and were working well before being sent to another external office.

2nd Concern: Uplink Settings using Static

I entered the details and set each of RED (1) and RED (2) to their respective ISP providers. Both will not connect and are stuck in a loop before rebooting and doing the same thing again.

System turns Red after Router = Solid green

Router - Solid Green

Internet - Blinking

Hope the video works.




  • Hi, I got the same issue.

    I set the RED on Sophos like this:

    I plugged the WAN port of the RED into the LAN port of my Huawei wireless fly box.

    Provisioning was done.

    The interface said WAN uplink on Sophos XG.

    When I connect 1 PC to the RED LAN port I get an IP from the scope I set in the RED settings, but I cannot reach either the LAN or the internet.

    Here are the 2 rules I set on the Sophos Firewall to allow traffic:

    This is the version of XG: SFOS 17.5.12 MR-12

    Did I miss something?

    Has anyone ever met this kind of issue?

    I need help.

    I should finish setting this up on Monday.

    2- Second, from another kind of network (ADSL):

    When I try to connect it on the ADSL LAN,

    when booting I got a green blinking LED on the RED.

  • Hello Michael,

    Thank you for contacting the Sophos Community.

    So the RED is behind another router? Is this router in bridge mode? It would need to be in bridge mode if you want the RED to have the public IP assigned to it.

    For the RED 2, I take it that the IPs of the BO are not overlapping with the RED or XG? If you do a packet capture on the XG, do you see the packet arriving at the XG? Is the XG maybe dropping this packet? Please check this KB for details on how to capture the traffic.

    Can you provide a screenshot of your RED interfaces and Firewall rules?

    Regards,

  • Hello Cheikh,

    Can you try removing the #RED from the Firewall rule?

    Have you enabled Ping on the RED zone under the Local ACL? (System >> Administration >> Device Access)

    Have you for testing purposes disabled the Local Firewall in one of the computers you are trying to Ping?

    Regards,

     

  • Hi, thanks for replying.

    I do not fully understand this:

    "Can you try removing the #RED from the Firewall rule?"

    To my understanding, we need rules to allow both the RED to LAN and the RED to WAN traffic.

    Or do you mean to specify the range we set in the RED instead of the #RED?

    For this:

    "Have you enabled Ping on the RED zone under the Local ACL? (System >> Administration >> Device Access)"

    I did not change anything there; I will try it.

    For this one:

    "Have you for testing purposes disabled the Local Firewall in one of the computers you are trying to Ping?"

    I tried to ping a computer, a printer and a phone. At least, if it were the local firewall, we don't need to disable it on a printer or phone; it should automatically work.

    And all those IPs I tried to ping are pingable by other devices, even remotely, like over VPN.

    If I get other suggestions, I want to try them.

    Thanks again

  • Hello Cheikh,

    Thank you for the follow-up.

    Yes, I meant the #RED that you have, in the Firewall rule, not the Firewall rule.

    Let me know if you got the chance to review the Local ACL.

    It was just a suggestion to disable the Local Firewall as this is many times what doesn't allow Pings to work. 

    If you SSH in to the XG using Putty and press 5 > 4 in the console and type the following command, what do you see?

    console> drop-packet-capture 'host X.X.X.X' (x.x.x.x is the IP assigned to the client) 

    And then try to Ping from the client to the Server/Phone/Printer.

    Regards,

  • Hello,

    "Yes, I meant the #RED that you have, in the Firewall rule, not the Firewall rule".

    Why? Do you want me to specify the network on the RED side?

     

    "Let me know if you got the chance to review the Local ACL."

    Yes, the ping is checked, then allowed.

     

    It was just a suggestion to disable the Local Firewall as this is many times what doesn't allow Pings to work. 

     

    If you SSH in to the XG using Putty and press 5 > 4 in the console and type the following command, what do you see?

    console> drop-packet-capture 'host X.X.X.X' (x.x.x.x is the IP assigned to the client) 

    The SSH did not work, I don't know why.

     

    And then try to Ping from the client to the Server/Phone/Printer.

    I tried it; it did not work.

     

    Regards,

  • So,

    some more information:

    All LEDs on the RED are green (System, Router, Internet, Tunnel).

    The LAN port I plugged the laptop into is green.

    The WAN port I plugged the internet router into is blinking green.

    On the RED side:

    I get an IP address from the range (10.10.10.0/24) I set when setting up the RED (the laptop gets 10.10.10.10/24),

    but I cannot ping the gateway (the RED IP, 10.10.10.254/24).

    On the Sophos side:

    I can ping the RED IP (10.10.10.254),

    but not the laptop (10.10.10.10).

  • I did another test.

    I connected 2 PCs to the RED and they can ping each other.

     

    You can see here the status of all LED

  • Hello Cheikh,

    Thank you for the follow-up.

    Would you mind sending me a PM with the Access ID of your XG Firewall? I would like to check the logs and run some connectivity tests.

    Monitor & Analyze >> Diagnostics >> Support Access >> ON >> Access Status >> And copy & paste the Access ID and send it to me.

    Regards,

  • Hi,

    OK, but can I send it in private mode?