
Sophos UTM 9.7 Not routing between interfaces

Hi Sophos community,

I am new to Sophos UTM and trying to set up UTM Home 9.7 but struggling with my configuration. I'm sure the resolution is a small thing I have overlooked and would appreciate any help I can get. My networking technical knowledge is average so my error might be a noob mistake. Setup is as follows:

 

  • WAN: LTE Router with internet access (192.168.8.1)
  • Laptop with Sophos UTM running in Hyper V.
  • LAN: Wireless AP connected to the LAN Nic. AP has IP 192.168.0.1
  • I am accessing the webadmin from a laptop on the LAN with gateway set to UTM IP.

 

I can ping 8.8.8.8 but cannot browse the internet

Followed https://techbast.com/2015/03/perform-a-basic-configuration-sophos-utm-in-12-simple-steps.html for my setup.

Below are screenshots.

Firewall setup:

 

Interfaces:

 

DNS:

 

Forwarders:

NAT:

 

Tools > DNS Lookup:

 

IPS Global:

 

The following are also enabled:

  • Advanced Threat Protection
  • Anti dos flooding
  • Anti portscan

Any assistance at all would be greatly appreciated. I have tried reinstalling everything but still getting stuck at this point.

 

Thank you,

Alfred



  • OK, I'll try to help.

    The configuration looks ok.

    If you can ping 8.8.8.8 - routing/masquerading is OK

    Are you able to ping/traceroute www.google.de and ftp.astaro.com

    Have you enabled Web Protection?

    Open firewall-live-log ... you should see the connection attempts.

    Check application control ... for some reason I have disabled HTTP already.

    Which version do you use? With 9.703 there are packet forwarding problems possible.

     

  • Hi Dirk and thanks for the reply.

    I can't ping www.google.de or any other website for that matter. But traceroute results from webadmin all seem to be fine. I will check application control and read up on the possible packet forwarding issues. I am using version 9.702. If all else fails, maybe it's best to try an older version. Below are screenshots of the traceroutes:

  • On your client PC what do you see when you "nslookup" ?

    Which DNS-server responds to your client computer? Also on this client computer can you show us the output of the "route print" command, especially for the 0.0.0.0 destination(s)

  • Hi apijnappels,

    The nslookup to google.com unfortunately returns "unknown":

    And for route print the output for 0.0.0.0 is:

  • Looks like IPv6 DNS-server is the culprit.

    Your router may hand out IPv6 addresses. Maybe you can configure the router not to do so, but you can't always prevent the IPv6 DNS-server from being configured, and if that's the case I believe disabling IPv6 on the client might be the only solution, since IPv6 DNS-server has precedence over IPv4.

  • Thanks for the suggestion. I tried disabling it on the client and on the laptop running the UTM but without success.

    Whatever the problem is, should I not be seeing something in the firewall log file? The only drops I am seeing in the log file are not for the times I am trying to connect (everything else is green), but in case the few drops shed some light here is one of them (all are similar):

    2020:04:24-06:46:21 utm ulogd[4583]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcip="192.168.0.110" dstip="192.168.0.100" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
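
The drop quoted in the last post is UDP (proto 17) to port 137, the NetBIOS name service, between two LAN addresses, so it says nothing about DNS or web traffic. The Python below is an added example, not part of the thread: it parses UTM packetfilter lines and keeps only the drops from one client that touch DNS, HTTP or HTTPS. The second sample line and the helper names are constructed for illustration.

```python
import re

# First line: the drop quoted in the thread. Second line: constructed here
# (not from the thread) to show what a DNS-related drop would look like.
SAMPLE_LOG = '''\
2020:04:24-06:46:21 utm ulogd[4583]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" mark="0x3441" app="1089" srcip="192.168.0.110" dstip="192.168.0.100" proto="17" length="78" tos="0x00" prec="0x00" ttl="128" srcport="137" dstport="137"
2020:04:24-06:47:02 utm ulogd[4583]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="192.168.0.110" dstip="192.168.0.100" proto="17" length="60" tos="0x00" prec="0x00" ttl="128" srcport="51515" dstport="53"
'''

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')
PROTO = {"1": "icmp", "6": "tcp", "17": "udp"}           # IP protocol numbers
SERVICES = {53: "dns", 80: "http", 137: "netbios-ns", 443: "https"}


def parse_line(line):
    """Return the key="value" fields of a packetfilter line, or None."""
    fields = dict(FIELD_RE.findall(line))
    if fields.get("sub") != "packetfilter":
        return None
    fields["time"] = line.strip().split(" ", 1)[0]
    return fields


def drops_for_client(log_text, client_ip):
    """List (time, proto, service, dstip) for each drop sourced from client_ip."""
    drops = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f or f.get("action") != "drop" or f.get("srcip") != client_ip:
            continue
        port = int(f.get("dstport", 0))                   # ICMP lines carry no port
        proto = PROTO.get(f.get("proto", ""), f.get("proto", "?"))
        drops.append((f["time"], proto, SERVICES.get(port, str(port)), f["dstip"]))
    return drops


def browsing_related(drops):
    """Keep only drops that could explain failed name resolution or browsing."""
    return [d for d in drops if d[2] in ("dns", "http", "https")]


if __name__ == "__main__":
    for drop in browsing_related(drops_for_client(SAMPLE_LOG, "192.168.0.110")):
        print(drop)
```

An empty result for the client's address during a failed lookup means the packet filter is not what is dropping the request.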

