Fortigate 100E cannot ping Sophos XG in VPN IPsec site-to-site

Hi all,

I've already created a site-to-site IPsec VPN between a Fortigate 100E and a Sophos XG by following the Sophos guideline. The VPN is up. From a local IP on the Sophos site I can ping a local IP on the Fortigate site, but the opposite way can't.

When I tracert from a local IP on the Fortigate site to a local IP on the Sophos site, I can reach the default gateway of that IP, but that's all. The guy who manages the Sophos XG confirmed he has already allowed all connections from the Fortigate site to the Sophos site, but I still cannot ping his local IP.

Can you please show me where the problem is? If I understand correctly, when I can reach the default gateway of the local IP on the Sophos site by tracert, it means the connection from Fortigate to Sophos is established and clear, but the Sophos does not reply to/allow the ICMP.

Thank you very much.



This thread was automatically locked due to age.
  • FormerMember

    Hi, 

    I would like you to check a few settings on the firewall.

    Navigate to Administration > Device Access > Network Services > Ping/Ping6. Is it allowed under the VPN zone?

    If it is allowed, check if you have Windows Defender on the destination workstation/server. In most cases, when the tunnel is up and you are not able to ping the destination workstation/server, it could be Windows Defender blocking ICMP.

     

  • Thanks to all, I finally found the issue and solution.
     
    The configuration of the Fortigate site is correct, nothing needs to change. The issue is that Fortigate does not respond to the subnet of the remote site when connecting with Sophos => so on the Sophos site you must configure the VPN as host-to-host.
  • Hi Long Tran,

    I have been struggling with this for a couple of weeks now. Please tell me, what do you mean by configuring the VPN as host-to-host? Do you mean I should delete the IPSEC tunnel on the Sophos and set up an SSLVPN (host-to-host) instead?
