
Can't get remote network

I just started trying to deploy the new Sophos Connect client and went through the directions. It will connect and I get an IP but the remote network shows up as 0.0.0.0

Of course, I can't access any devices on the remote end. Anything else I should check? This is a brand new XG install with all the defaults. All I did was create a user and enable Sophos Connect. 



This thread was automatically locked due to age.
  • Hello Matthew,

     

    Yes, you need to configure the firewall rules to allow traffic from VPN to LAN and LAN to VPN zones. After you create this firewall rule you will be able to access your internal hosts. 

     

    Please let us know if this works for you.

    Ramesh

  • Still no dice. I had already created a VPN to LAN rule but didn't have a LAN to VPN. 

    I added the following rules but still get no communication through the VPN client. 

    Further, I have also tried SSL and L2TP VPN connections but they refuse to connect. I'm assuming the problem is definitely the firewall blocking something. 

     

  • Ok, that fixed that issue at least. However now I'm back to the original problem of not getting a remote network still. I made sure no IP ranges were overlapping and even used a completely different subnet this time. 

     

  • Further, I'm getting firewall denied in the log from my public IP to the public IP of the Sophos client. 

     

  • Hello Matthew,

     

    Sorry for the delay. If the policy is configured for tunnel all then you need to add a firewall rule from VPN to WAN.

     

     

    If you do not want to have a tunnel all policy then use Sophos Connect Admin and configure a split tunnel policy. In this case you will not need the VPN to WAN rule.

     

    Please let me know if this works for you after you give that a try.

     

    Thank you,

    Ramesh

  • What's in the tgb or scx file you're importing into the client?

  • I'm posting this for the benefit of anyone that has this problem, connected via Sophos Connect with no remote network access.

    All the setup info I've found focuses on VPN>Sophos Connect client settings, only discussing firewall rules for WAN access due to default 'Tunnel all' configuration with Sophos Connect. (No mention of any other firewall rules, Host and services objects or where the mystery users that we select come from or how to create them if they don't exist.... grrrrr). 

    As I have two Site to Site IPSec VPNs up and working, I'm a little familiar with the process of making them work so........ This is what I did to make Sophos Connect work with the XG 115 and actually access the remote network.

    1. I followed the setup info provided from Sophos for VPN>Sophos Connect client (Assigned an IP range on a completely different private subnet from any other network in my topology, just like I would for a remote site). Downloaded Sophos Connect client installer and exported the connection .tgb file.

    2. Loaded Sophos Connect on the target laptop. Imported the .tgb connection file (machine was off-site, simulating a hotel room somewhere). 

         a. Sophos Connect would connect to the XG but no access from there. I could ping the remote network gateway IP but nothing else on the remote network. Not sure about WAN as I did not set up a firewall rule for that (So the documentation is correct, I was able to establish a connection using those instructions. I just couldn't do anything with it except ping the gateway). 

    3. Here is where I departed from Sophos' documentation regarding Sophos Connect setup.

         a. Utilizing my experience setting up Site to Site IPSec VPN connections, I added an IP range entry in Hosts and services>IP host for the IP range entered previously in VPN>Sophos Connect client. Named it something like Sophos_Connect. 

         b. I added this host to my existing Firewall>Traffic to Internal Zones>Outbound VPN Traffic (and Inbound VPN Traffic) rules that I created when setting up the Site to Site VPNs. Specifically, I added it to Destination Networks (for Outbound) and Source Networks (for Inbound).

    4. Like freaking magic, the Sophos Connect client machine was now able to ping and access resources on the remote network. I now had RDP access, which was my goal. 

  • Hello Marte,

     

    I do not understand why you had to add these two rules (a and b). If you are using the default tunnel all policy and have added the firewall rule (VPN to LAN and LAN to VPN) with Any host, then you should be able to access your LAN networks available behind the firewall. If that is not the case, then I would like to understand the issue and we can then update the document as required.

     

    Thank you for your help to make this easier for deployments.

    Regards,
    Ramesh
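
A simplified model of how the two accounts above can both hold: zone rules with Any host match Sophos Connect traffic directly, while rules scoped to specific source and destination networks match nothing from the client pool until the pool is added as a host object. This is an added example, not from any poster or from Sophos. It assumes (the thread does not say so) that the existing site-to-site rules were network-scoped; the subnets, the first-match/default-drop behaviour and the function names are constructed.

```python
# Simplified first-match model of zone + network firewall rules.
# Constructed illustration; this is not Sophos XG's actual rule engine.
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.10.0/24")            # constructed LAN subnet
SITE_B = ip_network("192.168.20.0/24")         # constructed site-to-site peer
SOPHOS_CONNECT = ip_network("10.81.234.0/24")  # constructed client IP pool
ANY = ip_network("0.0.0.0/0")

def rule(name, src_zone, dst_zone, src_nets, dst_nets):
    return {"name": name, "src_zone": src_zone, "dst_zone": dst_zone,
            "src_nets": src_nets, "dst_nets": dst_nets}

def evaluate(rules, src_zone, src_ip, dst_zone, dst_ip):
    """Return the name of the first matching allow rule, else 'default-drop'."""
    src, dst = ip_address(src_ip), ip_address(dst_ip)
    for r in rules:
        if (r["src_zone"] == src_zone and r["dst_zone"] == dst_zone
                and any(src in n for n in r["src_nets"])
                and any(dst in n for n in r["dst_nets"])):
            return r["name"]
    return "default-drop"

def overlaps(pool, others):
    """Networks in `others` that overlap the client pool (should be empty)."""
    return [n for n in others if pool.overlaps(n)]

# Rules scoped to the site-to-site networks only (before the fix).
scoped = [
    rule("Inbound VPN Traffic", "VPN", "LAN", [SITE_B], [LAN]),
    rule("Outbound VPN Traffic", "LAN", "VPN", [LAN], [SITE_B]),
]
# Same rules with the client pool added as a host object (the fix).
fixed = [
    rule("Inbound VPN Traffic", "VPN", "LAN", [SITE_B, SOPHOS_CONNECT], [LAN]),
    rule("Outbound VPN Traffic", "LAN", "VPN", [LAN], [SITE_B, SOPHOS_CONNECT]),
]
# Zone-only rules with Any host on both sides.
any_host = [
    rule("VPN to LAN", "VPN", "LAN", [ANY], [ANY]),
    rule("LAN to VPN", "LAN", "VPN", [ANY], [ANY]),
]

if __name__ == "__main__":
    client, server = "10.81.234.5", "192.168.10.50"
    for label, rs in (("scoped", scoped), ("fixed", fixed), ("any", any_host)):
        print(label, evaluate(rs, "VPN", client, "LAN", server),
              evaluate(rs, "LAN", server, "VPN", client))
```

Adding the pool as a named host object keeps the VPN-to-LAN rule narrower than Any host while still admitting the remote clients.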

  • Of course, I can't access any devices on the remote end. Anything else I should check? This is a brand new XG install with all the defaults. All I did was create a user and enable Sophos Connect. 

  • Hello Katyra,

     

    Please check if you have added a firewall rule from VPN to LAN. 

     

    Ramesh

     

  • I'm experiencing the same issue. I will implement your resolution :)

  • Hello Sir, can you help me with the same issue? I tried it but got the same issue.

     

    Looking forward if you could share your step by step procedure to resolve that

     
