
Sophos Connect Client - Access to multiple networks

Hi there,

We have a client that wants to use Sophos Connect to remotely access work resources on two networks.  The two networks are connected via site-to-site SSLVPN.

Networks:
SophosConnect(2.0): 172.16.1.0/24
BranchOffice(XG125_v18.03): 172.16.3.0/24
Headquarters(XG210_v18.03): 172.16.2.0/24

Client works out of the Branch office and has SMB connections to both Branch office and HQ servers. While at the office this works fine. When the client dials in to the Branch office XG using Sophos Connect they can access the SMB shares in the branch office but not the HQ SMB shares. Firewall rules are in place to allow the connection, but it fails to route/allow the traffic to HQ.

Any ideas on how to resolve?

André



This thread was automatically locked due to age.
  • Hello Andre,

    Thank you for contacting the Sophos Community!

    Did you add the HQ subnet to the networks of the Sophos Connect?

    Did you create the static rule to point back the traffic to the subnet of the Sophos Connect on the Branch Office?

    Regards,

  • Hi Emmanuel

    Yes, the HQ subnets are added to the Firewall rules for Sophos Connect.

    I'm unable to figure out the routing. I did add some static routes; however, IP traffic is still not flowing from the Sophos Connect client to HQ. I'm starting to think I may need an IPsec VPN between branch office and HQ (rather than SSL VPN).

    We also opened a ticket with Sophos... however, as we all know, getting a reply from Sophos support is hit & miss.

    Andre

  • Hello Andre,

    Thank you for the follow-up!

    Please provide the ticket number so I can follow up!

    I have seen it working with IPsec before but not with SSL VPN (nor seen this specific configuration, but should be possible).

    If you do an ip route get from the HQ to the Sophos Connect Client subnet do you get the correct route?

    Regards,

  • Your team just called and we resolved the issue. :)

    A static route was not needed. However, the client was using the same Sophos Connect subnet on both XGs; once we fixed up the networks, the traffic started to flow correctly.

  • Hello Andre,

    Thank you for the follow-up! Yes, after running the command, it would have shown that the subnet was the same in the HQ.

    I will mark your last answer as the correct one.

    Regards,
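
The root cause found in this thread (the same Sophos Connect subnet configured on both XGs) can be caught before deployment with a small address-plan check. The script below is an added example, not part of the original posts and not Sophos tooling; the site and label names, the HQ pool value in PLAN_FIXED and the client address are constructed for illustration.

```python
import ipaddress
from itertools import combinations

def find_overlaps(plan):
    """plan: {site: {label: cidr}} -> [(owner_a, owner_b, shared_cidr), ...]."""
    entries = [(f"{site}/{label}", ipaddress.ip_network(cidr))
               for site, nets in plan.items() for label, cidr in nets.items()]
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(entries, 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            # Overlapping CIDR blocks nest, so the longer prefix is the shared range.
            shared = net_a if net_a.prefixlen >= net_b.prefixlen else net_b
            conflicts.append((name_a, name_b, str(shared)))
    return conflicts

def local_owner(plan, site, address):
    """Label of the network at `site` that contains `address`, else None.

    A non-None result means replies to `address` are treated as local to that
    site instead of being sent back across the site-to-site tunnel.
    """
    ip = ipaddress.ip_address(address)
    for label, cidr in plan[site].items():
        net = ipaddress.ip_network(cidr)
        if ip.version == net.version and ip in net:
            return label
    return None

# Address plan as described in the thread: both XGs hand out the same pool.
PLAN_BROKEN = {
    "BranchOffice": {"lan": "172.16.3.0/24", "sophos_connect": "172.16.1.0/24"},
    "Headquarters": {"lan": "172.16.2.0/24", "sophos_connect": "172.16.1.0/24"},
}
# Constructed fix: HQ gets its own remote-access pool (value is an assumption).
PLAN_FIXED = {
    "BranchOffice": {"lan": "172.16.3.0/24", "sophos_connect": "172.16.1.0/24"},
    "Headquarters": {"lan": "172.16.2.0/24", "sophos_connect": "172.16.4.0/24"},
}

if __name__ == "__main__":
    client = "172.16.1.10"  # constructed address of a client dialled in to the Branch XG
    for name, plan in (("broken", PLAN_BROKEN), ("fixed", PLAN_FIXED)):
        print(name, find_overlaps(plan), local_owner(plan, "Headquarters", client))
```

With the broken plan, HQ sees the Branch client's address as belonging to its own Sophos Connect pool, which matches what the route lookup suggested in the thread would have revealed.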
