Firewall Rule for VPN

Hi Marwan Kandeel 

Check out suggestion #1 in this community troubleshooting guide, and let us know your results.

Regards,

I followed the instructions but Im not able to see any packets either in the log or packets capture.

What do you think I should look for on the firewall rules to allow traffic from VPN to LAN?

The point is, if you are not seeing any traffic going to the XG in tcpdump, most likely the client is not sending anything.

You need to verify, if it is an client issue or XG issue.

https://community.sophos.com/products/community-chat/f/knowledge-base-article-suggestions/105811/how-to-tcpdump-on-xg

Get the adapter IP, perform a tcpdump -ni any host Client_tunnel_ip 

Do you see anything? If not, you need to verify the Client configuration. Seems like your split tunneling is not correct and client is sending everything to his Default Gateway. 

The client is able to access only one resource. It is a server that I published and available on the bookmarks. All traffic going to this server is 100% perfect! Other than this, none...

I cannot follow you.

You are talking about bookmarks. 

Can you please post screenshots of your Configuration?

Here you go!

Can you first of all post the VPN Config. I assume, the issue is not caused by the firewall rule. (PS: You could try to activate MASQ and try again.)

Here you go:

Here are VPN config and also it shows I'm currently connected

.

I think, this issue is caused by your Permitted Networks. 

You used "#Port1" and "#Port2". Quite common mistake. Those objects contains the Interface IP, not the Network conntected to this Interface. 

You need to select / create a Network /24 for your Network and place it there. Then replace the OpenVPN Config. 

I think, this issue is caused by your Permitted Networks. 

You used "#Port1" and "#Port2". Quite common mistake. Those objects contains the Interface IP, not the Network conntected to this Interface. 

You need to select / create a Network /24 for your Network and place it there. Then replace the OpenVPN Config. 

Thanks! This worked for me...