
Activating port causes issues with web server and NAT publishing rules

I currently have my UTM device up and running well, connected to one WAN circuit--a fiber line. I am trying to get to the point where I can add a second WAN connection and do Uplink Balancing (have a post on this in the appropriate forum). However, before I get to that point, simply putting in the new IP info on a new port and activating that port seems to cause all of my NAT publishing and web publishing rules to stop working. As soon as I disable the port, everything starts working again. Does anyone have any thoughts on this?

I have added additional networks/activated additional ports before, e.g. DMZ, and it never caused any issues. Not sure why the problem is occurring in this case.

Any thoughts would be greatly appreciated.

Thanks in advance. 



  • Are you saying that you are trying to connect two ports on the UTM to the same WAN circuit or two separate WAN circuits?
    __________________
    ACE v8/SCA v9.3

    ...still have a v5 install disk in a box somewhere.

    http://xkcd.com
    http://www.tedgoff.com/mb
    http://www.projectcartoon.com/cartoon/1
  • Scott,

    Two separate WAN connections. My fiber connection is active and working fine. When I attempt to spin up port E4 for a secondary cable connection, all of the NAT rules and web server publishing rules I have seem to stop working.
  • Dave, are you sure the subnet on your second Interface definition doesn't overlap with a subnet defined on your other interfaces?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Bob,

    At present I have the following:


    -A WAN connection with a /26 address
    -A DMZ network with a /24 address
    -A LAN Network with a /16 address


    All of these seem to work fine.

    When I activate the interface in an attempt to spin up a second WAN connection with a /20 address, everything seems to stop functioning.

    Very puzzling, trying to get this going.

    Any advice would be greatly appreciated.

    Thanks,
  • Please respond to my first comment above, Dave.

    Cheers - Bob
     
  • Bob,

    The addresses are as follows:

    WAN 1: 104.226.x.x
    DMZ: 192.168.x.x
    LAN: 172.16.x.x

    These all work.

    When a port for WAN 2 is activated using 173.14.x.x, that causes the issue.

    Thanks,
  • It's gotta be a config error that you're looking at but aren't seeing, Dave. Show us pictures of the Interface definitions and one of the NAT rules that stops working.

    Cheers - Bob
     
  • Bob,

    Please see interfaces below; please note WAN2 is currently disabled.

    Please note the following web server rule below. Note that I have about 100 web server rules and 10-20 NAT rules which all appear to stop working when the new interface is enabled, so it certainly must be something very global.

  • If there aren't a slew of Network/Host definitions that violate #3 in , then I'm flummoxed.  If you have paid subscriptions, it's time to get Sophos Support involved.

    Cheers - Bob

     