
Semi-internal traffic not always loading (performing a TLS handshake)

Hi all,

I've just set up a Sophos XG instance for my end-user devices (laptops, phones, mostly wifi-enabled things).

I've got a Mikrotik acting as the gateway to the internet, and connected to this I have:

  • Eth1: Gateway to the internet
  • Eth2: Sophos XG
  • Eth3: Sophos XG
  • Eth4: Hypervisor
  • Eth5: Wifi

I've set the Mikrotik up to have two bridges configured:

  • Bridge 1 has the gateway, hypervisor and one of the Sophos ports
  • Bridge 2 has the wifi and the other Sophos port

The hypervisor just runs a couple of Windows/Linux servers - some of which are internet facing, and some of which aren't. All of the public-facing servers are passed through a VM running an Nginx reverse proxy with a wildcard SSL certificate.

The Mikrotik is responsible for handling DNS across the entire network, and DHCP for the VMs in the hypervisor (using 192.168.10.0/25).

The Sophos handles DHCP for the client devices (using 192.168.10.128/25). The Mikrotik has a route configured for the 192.168.10.128/25 network. I should also mention that the firewall has masquerading turned off.

I have absolutely no trouble accessing external websites. But I fail to connect to any of my servers on the hypervisor about 95% of the time. At this point I should mention that each website has a local DNS entry pointing it to the internal reverse proxy address, and I use Cloudflare for public DNS entries (meaning that the local entries override the public ones).

  • I am able to access the Mikrotik and the ESXi console via IP (on 192.168.10.1 and 192.168.10.3 respectively)
  • I can't SSH into the VM running Nginx (on port 2020)
  • I can't ping the VM running Nginx (request timeout)
  • When I try and hit one of the web servers (both via the reverse proxy and directly accessing others) I get 'performing TLS handshake to <x>' which eventually times out
  • When I try and access these sites externally, they work perfectly every single time

Now I say 95% of the time, because very occasionally, it will just start working - I'll be able to SSH into the server and I can access the web servers via their DNS entries. But just as suddenly as it arrives, it will stop working again.

I have no idea why this is happening, and I've tried adjusting various settings to no avail. Does anyone have any suggestions as to what I can try (or what I should be looking at) to diagnose this further (or, hopefully, to resolve it)?

Cheers,
Garion
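Since the post asks what to look at, here is an added repeatable probe (my own example, not from the original thread or from Sophos/Mikrotik) that separates name resolution, the TCP connect and the TLS handshake for one internal name and reports the success rate over many attempts, which is the shape of the "works 5% of the time" symptom above. The hostname, port and attempt count are assumptions.

```python
import socket
import ssl
import sys
from collections import Counter


def probe_once(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Classify one connection attempt as a short outcome label.

    Three stages can fail independently: resolution (did the local override
    or the public record answer?), the TCP connect, and the TLS handshake.
    Returns one of: dns_fail, tcp_timeout, tcp_refused, tcp_error,
    tls_timeout, tls_error, ok.
    """
    try:
        addr = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)[0][4][0]
    except socket.gaierror:
        return "dns_fail"
    try:
        raw = socket.create_connection((addr, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout"
    except ConnectionRefusedError:
        return "tcp_refused"
    except OSError:
        return "tcp_error"
    # Certificate verification stays on: a valid wildcard cert should pass.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "ok"  # wrap_socket completed the handshake
    except socket.timeout:
        return "tls_timeout"
    except ssl.SSLError:
        return "tls_error"
    finally:
        raw.close()


def summarize(outcomes) -> dict:
    """Count outcomes and compute the ok-rate over all attempts."""
    counts = Counter(outcomes)
    total = len(outcomes)
    ok_rate = counts["ok"] / total if total else 0.0
    return {"total": total, "ok_rate": ok_rate, "counts": dict(counts)}


def run(host: str, port: int = 443, attempts: int = 20, timeout: float = 5.0) -> dict:
    return summarize(probe_once(host, port, timeout) for _ in range(attempts))


if __name__ == "__main__":
    # "app.example.internal" is an assumed placeholder name, not from the post.
    print(run(sys.argv[1] if len(sys.argv) > 1 else "app.example.internal"))
```

A run that is mostly `tls_timeout` with `dns_fail` and `tcp_*` absent narrows the problem to packets lost after the TCP connect, whereas `dns_fail` or an unexpected resolved address points at the local override instead.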
