Sophos XG 210 is NOT the default gateway on my current LAN, nor should it be.
Port 1 - 192.168.10.2/24 & 192.168.200.2/24
Port 2 - Public WAN IPs
SSL VPN 10.10.200.20/24
I am able to successfully connect to the SSL VPN, using LDAP (AD) authentication.
From the testing VPN laptop (10.10.200.21) I can ping devices on the 192.168.10.0 and 192.168.200.0 networks. My DNS servers are 10.7 and 10.9, and I'm seeing traffic (DNS) in the firewall logs being Allowed.
Firewall rules:
Source VPN, Any Network/Device -> Destination LAN, Any Network. Match known users Unchecked. Application Control - Allow All, all others default (None). I've also set the Application Control to None, and didn't seem to affect anything.
Source LAN, Any Network/Device -> Destination VPN, Any Network. Match known users Unchecked. Application Control - Allow All, all others default (None). I've also set the Application Control to None, and didn't seem to affect anything.
I have both of the above firewall rules logging, but I don't see anything Denied going between these LANs/Ports.
Problem
I "think" my problem is, the machines on the 192.168.10.0 and 192.168.200.0 networks don't know how to get back to the 10.10.200.21 device.
I created a static route on one of the servers (10.10.200.0 MASK 255.255.255.0 192.168.10.2). A tracert on 192.168.200.21 to 10.10.200.21, first hop is 192.168.10.2 and is reached, but the rest of the trace 'Request timed out.'
Do I need to create a route from my 192.168.10.2 interface to tun0? If so, where is tun0, as I'm not seeing it anywhere.
I'm not able to RDP, or use some applications (which connect via TCP ports). I see the initial communication, and they are Allowed from tun0 to Port1, but I don't see any return traffic (allowed or denied).
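The routing question raised in this post (whether a LAN host sends replies for 10.10.200.0/24 back to the XG's Port 1 address, or to its own default gateway) can be checked with a longest-prefix-match lookup over the host's route table. The following is an added example, not code from the post or from Sophos; the route tables are constructed, the default gateway address 192.168.10.1 and the server address 192.168.10.21 are assumptions, and only the 10.10.200.0/24 -> 192.168.10.2 static route is taken from the post.

```python
import ipaddress

# Constructed route table for a LAN server (assumed 192.168.10.21) whose
# default gateway is a separate router (assumed 192.168.10.1), not the XG.
SERVER_ROUTES_BEFORE = [
    ("0.0.0.0/0", "192.168.10.1"),      # default gateway (assumed address)
    ("192.168.10.0/24", "0.0.0.0"),     # on-link, no gateway
]

# Same table after the static route described in the post was added.
SERVER_ROUTES_AFTER = SERVER_ROUTES_BEFORE + [
    ("10.10.200.0/24", "192.168.10.2"),  # VPN subnet via the XG's Port 1 address
]


def next_hop(routes, dst):
    """Longest-prefix-match lookup.

    Returns the gateway string for dst ("0.0.0.0" for an on-link route),
    or None when no route matches.
    """
    d = ipaddress.ip_address(dst)
    best = None
    for prefix, gw in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw)
    return best[1] if best else None


def reply_goes_via_xg(routes, vpn_client, xg_lan_ip="192.168.10.2"):
    """True when the host forwards replies for the VPN client to the XG's
    LAN-side interface, i.e. the return path can reach tun0 at all."""
    return next_hop(routes, vpn_client) == xg_lan_ip


if __name__ == "__main__":
    client = "10.10.200.21"
    for label, table in (("before", SERVER_ROUTES_BEFORE), ("after", SERVER_ROUTES_AFTER)):
        print(label, "next hop for", client, "->", next_hop(table, client),
              "| via XG:", reply_goes_via_xg(table, client))
```

Without the static route the reply for 10.10.200.21 follows the default route to a gateway that does not know about the SSL VPN subnet; with it, the first hop becomes 192.168.10.2, which matches the first hop seen in the tracert described in the post. The lookup only models the LAN host; what the XG does with the packet once it arrives on Port 1 is not covered by this example.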