This discussion has been locked.

XG Site2Site tunnel up, remote subnet can send data, internal data not seen in firewall log

We are in the process of setting up our first XG as we are moving away from TMG.

With help of the Sophos reseller the Site2Site tunnel is established and status and connection both show green.

Automatic VPN firewall rule in place: Allow, any zone, source Switch_LAN, LAN, Remote_LAN; destination Switch_LAN, LAN, Remote_LAN; any service.

The remote site can send data as is logged in the XG log with the firewall allow rule. But we do not see any traffic going back out. Nothing logged and the remote site doesn't receive anything back.

The XG is connected on Port 1 to our core switches with a Switch_LAN IP address; the core switches have an IP address in the Switch_LAN and in the LAN. Their default gateway is the TMG. At the TMG a static route is set for the Remote_LAN to the Sophos XG. Port2 is a static Internet IP address not known by the TMG.

Problem is I cannot ping from the XG to the Remote_LAN, nor from the LAN to the Remote_LAN. A trace route at the TMG gives the Sophos XG as the first hop but drops away (* * * *) after that. The XG log gives Allow, In Port1, Out Port2, Src IP TMG server, Dst IP Remote_IP, src port 137 UDP and ICMP.

A trace route at the XG gives 30 times:

1 * * 10.0.1.253 984.001 ms !H
2 * * 10.0.1.253 984.001 ms !H
(and so on)

This traffic is not logged?

The remote site uses a Fortigate.

Any ideas?

Thanks in advance,

Fred


This thread was automatically locked due to age.
  • The problem is that the way the XG is added to our network by the Sophos reseller, as a parallel gateway, is not supported by the TMG.

    I see the traffic being blocked by the TMG as Dynamic Ports protocol with "A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer."

    I will run into these problems also when moving VPN clients to the XG, SMTP, Proxy, etc.

    The reason for adding it in parallel, according to the Sophos reseller, is that the TMG can be removed when all functionality has been moved to the XG. I am not sure he understood the routing complications.

    Is there a way to get this to work with TMG? 

    Regards,

    Fred

  • Asymmetric routing will not work with a stateful firewall such as TMG. We have added the routing to our core switches.
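The mechanism behind the thread's outcome, as an added illustration that is not code from the thread, from Sophos or from Microsoft: a small Python model of a stateful firewall that only admits a flow after seeing its SYN, run over the two topologies described above. In the original setup the SYN travels remote → XG → core switch → LAN host, while the SYN-ACK returns LAN host → TMG (default gateway) → XG, so the TMG sees a reply for a connection it never saw opened and drops it. With a Remote_LAN route on the core switches, both directions pass only the XG, which does hold the state. All addresses and port numbers are constructed for the example; nothing here reflects the actual TMG or XG implementation.

```python
from dataclasses import dataclass

# Constructed sample addresses (not the poster's real subnets).
REMOTE_HOST = "192.168.50.10"   # host behind the Fortigate at the remote site
LAN_HOST = "10.0.1.20"          # host in the local LAN behind the core switches


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool = False
    ack: bool = False


class Router:
    """Stateless L3 hop (the core switch): forwards everything it is handed."""
    def __init__(self, name):
        self.name = name
        self.log = []

    def forward(self, p):
        self.log.append(f"{self.name}: route {p.src}:{p.sport} -> {p.dst}:{p.dport}")
        return True


class StatefulFirewall:
    """Toy connection tracker: a flow exists only if this device saw its SYN.
    Any other packet that matches no known flow is dropped, which is the
    behaviour the TMG log message in the thread describes."""
    def __init__(self, name):
        self.name = name
        self.flows = set()
        self.log = []

    @staticmethod
    def _key(p):
        # Direction-independent flow key so the reply matches the request.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def forward(self, p):
        key = self._key(p)
        if p.syn and not p.ack:                 # connection opener
            self.flows.add(key)
            self.log.append(f"{self.name}: allow SYN, new flow recorded")
            return True
        if key in self.flows:                   # reply to a flow we tracked
            self.log.append(f"{self.name}: allow, flow established")
            return True
        self.log.append(f"{self.name}: drop non-SYN packet, no established connection")
        return False


def deliver(path, packet):
    """Push a packet through each hop in order; any hop may drop it."""
    return all(hop.forward(packet) for hop in path)


def tcp_handshake_completes(forward_path, return_path):
    """SYN goes out along forward_path, SYN-ACK comes back along return_path.
    Returns True only if both legs are forwarded end to end."""
    syn = Packet(REMOTE_HOST, LAN_HOST, 40000, 445, syn=True)
    syn_ack = Packet(LAN_HOST, REMOTE_HOST, 445, 40000, syn=True, ack=True)
    if not deliver(forward_path, syn):
        return False
    return deliver(return_path, syn_ack)


def parallel_gateway_scenario():
    """Original setup: LAN hosts default-route to the TMG, which has a static
    route for Remote_LAN towards the XG. The TMG is only on the return path."""
    xg, tmg, core = StatefulFirewall("XG"), StatefulFirewall("TMG"), Router("core")
    ok = tcp_handshake_completes([xg, core], [core, tmg, xg])
    return ok, tmg.log


def core_switch_route_scenario():
    """Fix from the thread: the core switches route Remote_LAN to the XG
    directly, so the TMG is never on the path and the XG sees both legs."""
    xg, tmg, core = StatefulFirewall("XG"), StatefulFirewall("TMG"), Router("core")
    ok = tcp_handshake_completes([xg, core], [core, xg])
    return ok, tmg.log


if __name__ == "__main__":
    for scenario in (parallel_gateway_scenario, core_switch_route_scenario):
        ok, tmg_log = scenario()
        print(f"{scenario.__name__}: handshake {'completes' if ok else 'fails'}")
        for line in tmg_log:
            print("  ", line)
```

The same model explains why the poster's other planned services (VPN clients, SMTP, proxy) would hit the identical drop as long as replies reach the TMG via a path the requests never took: a stateful device must see both directions of a flow, so either the path has to be made symmetric (as the core-switch route does) or the stateful hop has to be removed from one of the two legs.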
