internal Network can't reach Public IP

Hi all

I recently bought a Sophos SG115w Firewall and everything works fine except the following:

I have an internal network 192.168.1.0/24 with fixed IP addresses, and now I have the problem that I can't access the public IP 62.2.208.170 from within the internal network, even though I added a rule to allow this (see attachments).

If I do a telnet to the public address or a web access, a timeout occurs.

Same with the web access.

What am I doing wrong?

In the log the access seems OK, but it doesn't work.

 

 



  • Did you configure masquerading, so that your private IPs are not used on the internet?


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003
    If a post solves your question, click the 'Verify Answer' link at this post.

  • Can we see how your interfaces are configured?

     

    It looks like you have LAN to Firewall, but the Firewall looks like a device, not a WAN. Try switching it from firewall to any; this will only allow traffic on the LAN to talk out to any, not the other way around. You can also tighten it up later, once you've got it working, by setting what protocols can talk out. Or set the LAN to WAN any. A pic of your interfaces and NAT would help us help you.

    Also, what do you mean by an internal network with fixed IPs, static? They will only remain static internally.

    Also there is a good setup and go article here: techbast.com/.../perform-a-basic-configuration-sophos-utm-in-12-simple-steps.html

    Respectfully, 

     

    Badrobot

     

  • No, you need masquerading to reach the internet while using private IPs at the client.


    Dirk


  • Seems your FW rule 19 isn't correct.

    Must be:  internal LAN -> any -> Internet


    Dirk


  • Thanks for your replies.

    Here are my interface and NAT config.

  • OK, so edit rule 19: make the source your internal network, the services any or whatever specific ports you want (i.e. ports 80 & 443 for web browsing), then make the destination your WAN.

     

    You can do this by clicking on rule 19 edit and deleting the three you have set for source, services & destination. Then click on the folder in the source part, go to the search bar on the left, and type LAN to find your internal LAN; you can drag and drop it into the source part. Do the same for services with Any and the same for destination with WAN.

     

    See pic

     

    Respectfully, 

     

    Badrobot

     

  • Also, in order for us to see NAT you need to take another screenshot; it is under Network Protection --> NAT

     

    It is right under the firewall menu option.

    Respectfully, 

     

    Badrobot

     

  • Hallo Elvis and welcome to the UTM Community!

    I'm confused as to why you're trying to reach an IP on the External interface.  Maybe you need Accessing Internal or DMZ Webserver from Internal Network.

    This feels like a routing problem, but let's confirm that by doing #1 in Rulz - was there anything in the Firewall log?

    You will also want to read #3, #4 and #5 in Rulz.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • BAlfson said:

    Hallo Elvis and welcome to the UTM Community!

    I'm confused as to why you're trying to reach an IP on the External interface.  Maybe you need Accessing Internal or DMZ Webserver from Internal Network.

    This feels like a routing problem, but let's confirm that by doing #1 in Rulz - was there anything in the Firewall log?

    You will also want to read #3, #4 and #5 in Rulz.

    Cheers - Bob

     

    Hi Bob

    Thanks for your reply. I will check the suggestions. Yes, in the log the access is shown as allow. I also think this could be a routing problem, because if I try to access the external address from within the UTM it works (telnet from the shell directly on the FW).