Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 2698 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAP VLAN traffic blocked by firewall

aiborin
I have a WRT610N, running DD-WRT, as my WAP connected to my Sophos UTM. I configured a virtual wireless interface on my WAPP to separate trusted and untrusted host traffic.  Logical diagram follows:
Network2.png

I have eth1 configured with two virtual interfaces; VLAN2 (trusted) and VLAN5 (untrusted).
interfaces.png

I modified the default firewall rules for DNS, Email, and web to include the two virtual interfaces.
firewall.png

I logged into the UTM console and ran tcpdump to verify I was receiving only VLAN2 and VLAN5 tags on eth2.  Both subnets get IPs via DHCP from the UTM but only VLAN 2 can reach the internet.  VLAN5 is denied DNS traffic and cannot resolve any address.  The FW log follows:
fwlog.jpg

I am at a loss on how to resolve this.  It seems like the FW rules are being ignored for only one of the virtual subnets.


This thread was automatically locked due to age.
  • 0
    Which networks are listed under Network services -> DNS -> Global ?
  • 0
    I see you also have a webadmin connection attempt that was blocked, for this to be possible, the VLAN5 interface has to be on Management -> Webadmin settings -> Allowed networks list.

    For internet you would also need to create a masquerading rule.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.

  • 0
    As vilic says, check Network services -> DNS -> Global, your logs says that it tries to contact the DNS server of the UTM, creating a fw rule, will not allow access to the UTM DNS, it will be automatically done, under Network Services -> DNS, when you add the network there.

    -----

    Best regards
    Martin

    Sophos XGS 2100 @ Home | Sophos v19 Architect

  • 0
    Thanks to all with the replies.  Everything is working now!

    I was so focused on the firewall log that I missed the underlying reason.  I am thinking the DNS linkage was either prompted are occurred automatically during my initial install.  VLAN5 is the first interface I have added since my original install.
Share Feedback
×

Submitted a Tech Support Case lately from the Support Portal?