WAP VLAN traffic blocked by firewall

I have a WRT610N, running DD-WRT, as my WAP connected to my Sophos UTM. I configured a virtual wireless interface on my WAP to separate trusted and untrusted host traffic. Logical diagram follows:
[image: Network2.png]

I have eth1 configured with two virtual interfaces: VLAN2 (trusted) and VLAN5 (untrusted).
[image: interfaces.png]

I modified the default firewall rules for DNS, Email, and web to include the two virtual interfaces.
[image: firewall.png]

I logged into the UTM console and ran tcpdump to verify I was receiving only VLAN2 and VLAN5 tags on eth2.  Both subnets get IPs via DHCP from the UTM but only VLAN 2 can reach the internet.  VLAN5 is denied DNS traffic and cannot resolve any address.  The FW log follows:
[image: fwlog.jpg]

I am at a loss on how to resolve this.  It seems like the FW rules are being ignored for only one of the virtual subnets.


  • I see you also have a webadmin connection attempt that was blocked; for this to be possible, the VLAN5 interface has to be on the Management -> Webadmin settings -> Allowed networks list.

    For internet you would also need to create a masquerading rule.

    Managing several Sophos UTMs and Sophos XGs both at work and at some home locations, dedicated to continuously improving IT security and glad to help others with their IT security challenges.

    Sometimes I post some useful tips on my blog, see blog.pijnappels.eu/category/sophos/ for Sophos related posts.
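As an added example (not from the original thread or from Sophos): a small parser that groups dropped packets in UTM packetfilter log lines by ingress interface, rule id, protocol and destination port, so you can see at a glance which VLAN sub-interface is being dropped and by which rule before touching the ruleset. The log lines below are constructed, and the `key="value"` field names (`initf`, `fwrule`, `proto`, `dstport`) are my assumption of the UTM packetfilter log format; check them against the live `/var/log/packetfilter.log` on your UTM.

```python
import re
from collections import Counter

# Constructed sample lines in the key="value" style of Sophos UTM packetfilter
# entries (assumption: field names match the live log). eth2.2 = VLAN2,
# eth2.5 = VLAN5; 192.168.0.1 stands in for the UTM itself.
SAMPLE_LOG = """\
2013:03:10-20:01:02 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2.5" srcip="192.168.5.20" dstip="192.168.0.1" proto="17" srcport="52311" dstport="53"
2013:03:10-20:01:03 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2.5" srcip="192.168.5.20" dstip="192.168.0.1" proto="17" srcport="52312" dstport="53"
2013:03:10-20:01:05 utm ulogd[4711]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth2.5" srcip="192.168.5.20" dstip="192.168.0.1" proto="6" srcport="52320" dstport="4444"
2013:03:10-20:01:06 utm ulogd[4711]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="eth2.2" srcip="192.168.2.10" dstip="192.168.0.1" proto="17" srcport="41000" dstport="53"
"""

# One key="value" pair; the leading timestamp/process prefix has no quoted values
KV_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(KV_RE.findall(line))


def drops_by_interface(log_text):
    """Count dropped packets per (ingress interface, fwrule, proto, dstport).

    Keeping fwrule in the key separates a drop by the final catch-all rule from
    a drop by an explicit deny rule you wrote yourself.
    """
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("sub") != "packetfilter" or f.get("action") != "drop":
            continue
        counts[(f["initf"], f["fwrule"], f["proto"], f["dstport"])] += 1
    return counts


def interfaces_missing_dns(log_text):
    """Interfaces whose DNS queries (udp/53) were dropped: no allow rule matched them."""
    return sorted({iface for (iface, _rule, proto, port), _n
                   in drops_by_interface(log_text).items()
                   if proto == "17" and port == "53"})


if __name__ == "__main__":
    for key, n in sorted(drops_by_interface(SAMPLE_LOG).items()):
        print(f"initf={key[0]} fwrule={key[1]} proto={key[2]} dstport={key[3]}: {n} dropped")
    print("interfaces with dropped DNS:", interfaces_missing_dns(SAMPLE_LOG))
```

On the constructed input only eth2.5 (VLAN5) shows dropped DNS, matching the symptom in the thread; the tcp/4444 drop on the same interface is the blocked webadmin attempt the answer above refers to.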
