Okay,
I've joined this forum because I'm now 8+ hours into trying to get basic SSL client VPN services working to a new (and very expensive) XG115 that I've recently installed on a small network.
When I first started setting this up I observed that a how-to guide had been recently authored and thought "great, this will make things easy!". Wrong.
If I can't get this sorted this expensive XG is going to be on its way back to the vendor I got it from.
The guide is here:
https://community.sophos.com/kb/en-us/122769
I was able to follow everything indicated with one exception: in the "tunnel access" of the how-to it indicates you should be able to select an IP group you previously created, but on my XG (FW SFOS 17.0.8 MR-8) I don't get this option. I only get the option to choose the physical interfaces and VLANs administered on the Firewall.
I am able to download the configuration and get the tunnel established. The firewall rules show no traffic passing through (0 bytes sent 0 bytes received). If I status the user in current activities I see my user connected and it even shows a small amount of upload traffic, but the client can't ping anything or access anything on the LAN side of the network.
After spending multiple hours trying to get something so basic to work I started digging for anything else that might help:
I looked at this post https://community.sophos.com/products/xg-firewall/f/vpn/93396/can-t-get-ssl-vpn-to-pass-traffic and then this one community.sophos.com/.../ssl-vpn---can-connect-but-no-traffic which included a bewildering array of advice including that a FW rule was needed in the LAN to VPN direction (this is not indicated in the How-To article), that MASQ NAT should be enabled, that in the VPN policy "use as default gateway" must be turned on, etc.
I have tried all of this stuff and it still does not work. The Firewall logs don't even show it filtering any traffic through the VPN rule. I have re-downloaded the configuration each time I've made a change (stupid btw) and tried connecting on multiple computers and operating systems.
This was supposed to be up and running a week ago and I've never had so many problems getting basic client access working with a UTM. Can someone help me please? To make matters worse there is nobody technical at the site so every time I need to work on this I am driving across town and sitting there trying to troubleshoot this thing for hours. The business owner simply needs to be able to VPN into the site from their PC when they are away and access machines via remote desktop. Should be easy, done it many times with other products, apparently in Sophos XG land nothing is easy.