Hello,
I have the following configuration :
- A L3-Swich providing access to internal VLAN (10.0.0.0 ; 10.0.1.0 ; 10.0.2.0) and DMZ (192.168.0.0)
- A DMZ 192.168.0.0
- A router to WAN with internal NW 192.168.1.0
- The DMZ interface of the Firewall is the default GTW for the L3-Switch
Internet
|
Router
| (192.168.1.0)
Firewall
|
+ DMZ (192.168.0.0)
|
L3-Switch
-----------------------------------
| | |
10.0.0.0 10.0.1.0 10.0.2.0
With my old Firewall, I could access the Internet from any LAN (10.0.x.0); and all servers (in DMZ and LAN) were reachable (using port forwarding).
I replaced my old Firewall with a new Sophos SG, and configured it with basic rules (allow ANY services from LANs to ANY ; allow ANY services from LANs to LANs).
Obviuously, the new SG has the DMA IP of the old Firewall.
From the DMZ, a PC can reach the Internet.
But... from any LAN, there is no access to Internet or to the Firewall itself.
I guess the L3-Switch configuration is still correct (as I did not mofdified it).
In the log of the SG, I can see the packets routed from the LANs to the Internet but... there is no reply from the distant Websites.
Then, what is wrong ?
Why can I not access the SG itself (incoming packet OK, but no answer) ?
Thanks in advance for your help.
This thread was automatically locked due to age.
