Tuesday, July 30, 2019

Can't reach single devices after upgrading the firewall, everything else works?

Hello everyone

We've recently upgraded our firewall from a very outdated and undersized Zyxel ZyWall USG100 to a Sophos XG310. After a bit of a rusty start (had some problems with port forwarding but luckily nothing too bad) almost everything is working well so far. Everything except three devices, which suddenly can only be reached from their own subnet and no longer from another one.

We have the following subnets configured:

192.168.1.0/24: This is Subnet A where all PC clients reside

192.168.2.0/24: This is Subnet B where other devices (e.g. printers, CNC mills and other machinery) are located

The unreachable devices are located in Subnet B, and the computers that should be able to reach them are in Subnet A.

Traffic between these two subnets should be allowed as if they were one; we just need to keep them separated for now. To achieve that I put them in the same zone (LAN) on the Sophos firewall. Now everything works fine: I can reach every single host located in Subnet A or B, independent of which subnet I'm in, except for those three hosts.

To clarify things a bit here's a simplified network diagram: https://imgur.com/E60iSyp

The unreachable devices are these CNC Mills: https://www.gfms.com/country_CH/en/Products/Milling/standard-machining-centers/vce-machine-line/mikron-vce-1200-pro.html

I also tried connecting a different device in the place of the unreachable devices, using the exact same connections and cables, and it still works, so we can probably eliminate this possibility.

Maybe one of you guys has an idea what the problem could be here. I'd be really glad if you were able to help me with this, as I pretty much have no idea what else I could try...
