This discussion has been locked.

Connect Client v. SSL VPN - Permitted Network Resources

On the SSL VPN (remote access) you can enter info into Tunnel access / Permitted network resources (IPv4) networks. Is there an equivalent setting on the Connect client? I'm not seeing it. I can connect to our LAN, but there are some private networks I can't get to with the Connect client, but can with the SSL VPN since I have those networks in the permitted network resources.

 



  • Hello MikeX,

    If you are using the exported tgb file to import into Sophos Connect then by default it is a tunnel all policy. If you cannot get to certain private networks behind the firewall then it is a routing issue. Please check if the Virtual IP assigned to the Sophos Connect Client has a route to and back.

     

    If you are using Sophos Connect Admin then you can assign specific networks to allow from Sophos Connect. So please check those networks if this is how you are configuring the policy.

    Please send an update on the results.

     

    Thank you,
    Ramesh

  • Hi Ramesh,

    Firstly, thanks for the help towards the community. I have Sophos Connect working on my home lab. IPs assigned are 10.10.10.5 to 10.10.10.50.

    "Please check if the Virtual IP assigned to the Sophos Connect Client has a route to and back" - I don't understand what you meant by that statement. Do we have to create a "Policy route" under "Routing"?

    At the moment I have just two firewall rules for Sophos Connect: one for IKE Services, which has Any for Source and Destination Zones,

    and another FW rule for VPN to WAN. Please refer to the attachments.

    Also, with Sophos Connect, can we restrict access only to certain networks, like how we have in SSL VPN (remote access) Permitted Network resources?

    Appreciate your cooperation

    Thanks

    Raju

    1732.Sophos Connect firewall rules.docx

  • Hello Raju,

     

    You need to do the following.

    1) I would say you should have two different firewall rules. This rule includes the following: VPN to LAN and LAN to VPN. In this rule you should control the allowed destination networks.

    2) Have a separate rule for VPN to WAN. This rule should include a corresponding NAT rule to translate the source to the WAN IP of the firewall.

     

    Hope this will resolve the questions you have. Please provide an update if the change works for you.

    Regards

    Ramesh

     

  • Hi Ramesh,

    Thanks for your reply. I have enabled the below, which now allows devices connected via Sophos Connect to access the Internet.

     

    Appreciate your help

    Regards

    Raju
