Cant connect to the Plesk samba file share through ssl vpn (remote access)

here is the samba config page on the plesk. I thought we would need to specify the remote VPN granted IP range but got no luck either here

thanks

Hi Cyril Thibout 

Could you please create SMB service port 445 firewall rule for VPN to DMZ zone and place the rule on top and do not apply NAT (MASQ) and verify the access and also add Netbios Ports-139 udp/tcp in the same rule and share the status.

Hi

Thanks for your answer. I don't fully understand what you propose :

1- I create a SMB service with the 445 port (see screenshot)
2- "firewall rule for VPN to DMZ zone " : can't understand here : the DMZ is just the LAN port of the ISP router: all the trafic passes through the router without any filtering. Can you explain what you expect here please ?
3- should I create a user/network rule or a Business application rule?

Thanks for your help

Cyril

Hi Cyril Thibout 

In the Sophos XG, please create a user/network rule from VPN zone to LAN zone (where your system is hosted) be it a LAN or DMZ. and add services SMB and NetBIOS as suggested earlier and in the option of NAT do not apply anything and create a rule.

Thanks 

Sorry but there are still thing I'm missing here :

1- I created the SMB service :

the SAMBA service (port 139) already exists

2- I created the firewall rule :

3- here is the rules order :

but on the remote PC I still can't access the samba share

Did I miss something please?

Thanks

Cyril

Thanks 

Sorry but there are still thing I'm missing here :

1- I created the SMB service :

the SAMBA service (port 139) already exists

2- I created the firewall rule :

3- here is the rules order :

but on the remote PC I still can't access the samba share

Did I miss something please?

Thanks

Cyril

Hi Cyril Thibout 

Please use packet capture and capture the traffic to check - https://community.sophos.com/kb/en-us/123189

is my config (see the screenshots) correct ?

and which BPF string should I enter in the packet capture utility please?

thanks

cyril

Ok in the packet capture utility I can see the packet from the remote VPN connected PC (I applied a Display filter on the src IP) 

When I unsuccessfully try to access the samba share I can see packets arriving but they don't show anything special compared to the packets I can see when the remote pc successfully access a lan folder 

Now I realized the vpn 2 lan rule I added serves nu purpose since I already have a VPN2Lan rule (the one created to make the VPN work) that allows any service

I relauched the packet capture tool filtering on the VPN firewall rule. On the remote VPN connected PC I only tried to access the samba share and I got :

in the screeshot above the 192.168.16.121 is the lan ip of the samba share I try to access from the remote PC

Hi Cyril Thibout 

As per the capture the traffic coming from tun0 SSL VPN interface and forwarded to the IP .121. tun0 to br0 to Port1, there are packets from Port1 for SSL VPN client IP but they are not getting into the tunnel, please try drop packet capture - https://community.sophos.com/kb/en-us/127111, you may open a service request with technical support for the further investigation, configuration seems to be correct - https://secure2.sophos.com/en-us/support/open-a-support-case.aspx