Scribd Logo
Fazer o upload

Bem-vindo(a) ao Scribd!

  • Bridge - Transparent Mode Deployment XG

    Enviado por

    osuwira
    146 visualizações6 páginas
    The document discusses troubleshooting a Sophos XG firewall configured in transparent bridge mode. The user is seeing the WAN link status as down and is unable to ping the gateway or internet addresses. Experts suggest checking the ARP table, firewall rules between interfaces, and disabling the "routing on bridge interface" option in the bridge configuration. Adjusting the failover rule and ping target resolves the certificate issue but not the WAN link status.

    Descrição original:

    Best Firewall

    Título original

    Bridge_Transparent Mode Deployment XG

    Direitos autorais

    © © All Rights Reserved

    Formatos disponíveis

    PDF, TXT ou leia online no Scribd

    Você considera este documento útil?

    Este conteúdo é inapropriado?

    Denunciar este documento
    The document discusses troubleshooting a Sophos XG firewall configured in transparent bridge mode. The user is seeing the WAN link status as down and is unable to ping the gateway or internet addresses. Experts suggest checking the ARP table, firewall rules between interfaces, and disabling the "routing on bridge interface" option in the bridge configuration. Adjusting the failover rule and ping target resolves the certificate issue but not the WAN link status.

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    146 visualizações6 páginas

    Bridge - Transparent Mode Deployment XG

    Enviado por

    osuwira
    The document discusses troubleshooting a Sophos XG firewall configured in transparent bridge mode. The user is seeing the WAN link status as down and is unable to ping the gateway or internet addresses. Experts suggest checking the ARP table, firewall rules between interfaces, and disabling the "routing on bridge interface" option in the bridge configuration. Adjusting the failover rule and ping target resolves the certificate issue but not the WAN link status.

    Direitos autorais:

    © All Rights Reserved
    Baixe no formato PDF, TXT ou leia online no Scribd
    Sinalizar o conteúdo como inadequado
    de 6

    1/17/2018 Bridge/Transparent mode deployment XG.

    - Initial Setup - XG Firewall - Sophos Community

    Bridge/Transparent mode deployment XG.

    Hi all,

    I was trying to deploy a Sophos XG 650 in bidge mode, everything goes as expected but in the WAN
    Link Manager tab the Port in the WAN zone appears to be down.

    I can see traffic going through but I think the WAN link has to be up and green, Am I right?

    lferrara

    John, make sure XG is able to ping google and the gateway.

    Check arp table from console command.

    Regards

    Luk

    Security Architect

    UTM Certified Architect - XG Certified Architect

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 1/6
    1/17/2018 Bridge/Transparent mode deployment XG. - Initial Setup - XG Firewall - Sophos Community

    John Henry
    Previewing Staged Vindas Carballo
    Changes

    In reply to lferrara:

    I will test in a while if I can ping google and let you know.

    This is what I get from the console when ask for arp (I don't know if it's correct):

    Thank you.

    EDIT: I can't ping google or my gateway when I have both ethernet cables connected to the
    bridge port.

    John Henry Vindas Carballo

    In reply to lferrara:

    I have Port2 and Port3 in the Bridge Port, I notice that if I connect the LAN link (Port3) only,
    my gateway link works fine but if I connect both links (Port2 and Port3) the WAN link (Port2)
    goes down.

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 2/6
    1/17/2018 Bridge/Transparent mode deployment XG. - Initial Setup - XG Firewall - Sophos Community

    Traffic still goes through and I can see the allowed packets.

    Also, "HTTP 500 ERROR" when try to browsing internet and can't access any HTTPS site.

    John Henry Vindas Carballo

    I have a question about the problem I'm having with the Transparent mode on the Sophos XG.

    Every single time I connect the XG in the network I can't use the web browser anymore, why
    does this happend if the firewall is configured in transparent mode?

    Anyone can answer me that?

    Thanks

    sachingurung

    In reply to John Henry Vindas Carballo:

    Hi John,

    Show us the inside configuration of the gateway in the WAN link manager and Bridge port
    configuration.

    Thanks

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 3/6
    1/17/2018 Bridge/Transparent mode deployment XG. - Initial Setup - XG Firewall - Sophos Community

    Sachin Gurung | Team Lead, Sophos Technical Services

    John Henry Vindas Carballo

    In reply to sachingurung:

    Hi sachingurung,

    Thank for your reply, here you have the configuration of both ports.

    WAN link:

    Bridge port:

    Thank you.

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 4/6
    1/17/2018 Bridge/Transparent mode deployment XG. - Initial Setup - XG Firewall - Sophos Community

    sachingurung

    In reply to John Henry Vindas Carballo:

    For the WAN link manager, edit the failover rule and ping to 8.8.8.8. Does that make the
    gateway green? Alongside, uncheck the "routing on bridge interface" save the config and
    verify if that resolves it. 

    Thank you,

    Sachin Gurung | Team Lead, Sophos Technical Services

    John Henry Vindas Carballo

    In reply to sachingurung:

    It does fix the certificate problem I was having but I still see the WAN link status down.

    EDIT: Also, I can't ping 8.8.8.8 or my gateway (10.99.1.1) through the bridge or PortA2 (WAN
    link).

    Matt Yost

    In reply to John Henry Vindas Carballo:

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 5/6
    1/17/2018 Bridge/Transparent mode deployment XG. - Initial Setup - XG Firewall - Sophos Community

    I've heard you need to setup a firewall rule to allow communication from one interface to
    another. Do you have a firewall rule to allow communication between the lan and wan?

    Not sure if this is taken care of when setting up a bridge, but figured it was worth a mention.

    sachingurung

    In reply to John Henry Vindas Carballo:

    Hi John,

    Uncheck 'unable routing on this bridge pair' option in the bridge interface definition. If that
    doesn't resolve the issue then please DM me and we will investigate further. 

    Thanks

    Sachin Gurung | Team Lead, Sophos Technical Services

    https://community.sophos.com/products/xg-firewall/f/initial-setup/91861/bridge-transparent-mode-deployment-xg 6/6

    Você também pode gostar