I have a VPN tunnel enabled to our Sophos XG in Azure. I then have a resource group peered to the group with the firewall. I have communication from on-prem to the firewall resource group, and communication between the resource groups, but no matter what I add, any communication destined for on-prem from the spoke resource group is forced out the WAN port of the XG firewall. So if I run a traceroute from the spoke, it goes to 10.2.1.6 and times out.
Has anyone done something similar? Any assistance would be great!
I have firewall rules on both sides that include in and out from all subnets.
I've added a route table in each resource group to point subnet 10.0.0.0/8 to 10.2.0.4.
I've followed this to create the static route to the on-prem subnet: https://community.sophos.com/products/xg-firewall/f/vpn/74246/html5-vpn-how-to-access-ressources-behind-ipsec-tunnel
Details of networks:
On-prem: 10.0.35.0/24, SG firewall 10.0.35.1
Azure Hub resource group: 10.2.0.0/24, XG firewall 10.2.0.4 (LAN), 10.2.1.6 (WAN)
Azure Spoke resource group: 10.2.55.0