Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Sophos XG: Traffic is not matching user based firewall rule

Issue:

User has two XG firewalls connected with SD wan connection. Branch office users should reach head office firewall in order to reach internet. Branch office user is authenticating with head office domain controller, he can see user under live users list.

His issue is branch office users are showing in head office firewall live users, but when accessing internet branch office user traffic is not matching user based firewall rule in HO firewall instead its matching normal firewall rule( match known users option unticked) which is below to the user based firewall rule.

Resolution:

Here branch office user is authenticating with head office firewall, since he was able to see user under live users list.

He created user based firewall rule from branch office to internet like shown below

User Based firewall rule
firewall rule

The condition to match any user based firewall rule is IP under live users list must match with IP under packet capture.

But here IP under live users list is showing “192.168.1.245” but when he take packet capture under Diagnostics>>packet capture. He was able to see different branch office user IP.

It means whenever traffic is reaching from branch office to head office, NAT is being taken place.

That is the issue, the IP of live users must match with packet capture IP else user based firewall rule can’t be applied.

Hope this article helps you.