Hello,
I've been troubleshooting connectivity issues with a host that is attempting to use the Pulse Secure SSL VPN client to connect to a remote Pulse SSL VPN gateway. I know the hostname/IP address of the remote gateway and used the XG's "log viewer" utility to attempt to locate any log messages associated with the IP. All that I located were a few allowed entries on the firewall log portion (hitting an "allow all" rule I've previously configured).
I added an explicit entry in the firewall rules to allow traffic to the gateway's IP address and unchecked the "Scan HTTP" and "Decrypt & Scan HTTPS" functions. There are no IPS, web policy, or app control policies specified on the rule. I put the rule at the top of the list.
I reviewed the firewall logs and noticed the traffic was still hitting the other rule (which IS configured to scan http and https). I eventually disabled the HTTP/HTTPS scanning on the rule it was hitting and the Pulse SSL VPN client now connects.
How does rule evaluation work in Sophos XG? I assume a rule at the top should be evaluated first, but I'm guessing the reason my traffic wasn't hitting the rule is because of criteria instead of order (more explicit versus less explicit, etc.)?
Any help/insight is appreciated!