
No response when accessing internal load balancers via SSL VPN

Hi all,

I've found something very weird.

When attempting to access an internal SNAT/PAT device (Azure load balancer) via the Sophos XG SSL VPN the page just times out. I can see the traffic hitting the load balancer in the Sophos logs, and it's allowed, but the page still times out.

The client should hit the load balancer IP, then the load balancer does NAT and PAT to an internal server and the IIS page loads. The clients can access the servers and IIS sites directly, but not via the load balancer for some reason. Could IPS/AV/HTTPS DPI be affecting this? I can't see anything in the logs to indicate that it's being blocked/dropped anywhere. Also, accessing the load balancer from internally works fine (not on the VPN).

Kind regards,

Mike



  • FormerMember

    Hi Mike, thanks for reaching out to the Sophos Community.

    Would it be possible to check by keeping MASQ in the SNAT in the matching NAT rule?

    To verify whether IPS/AV/DPI affects this or not, simply go to the log viewer, change to each module from the drop-down menu at the top, and access the website. If XG is dropping/discarding any packets, it'll be reflected there.

  • Hi,

    Thank you for coming back to me.

    So the load balancer is an Azure load balancer, and I can see the traffic leaving the Sophos XG firewall and getting to it (showing as allowed in the logs), but for some reason the page still just times out. I'll dig through the logs some more and maybe try adding a rule explicitly for these LBs and not apply any IPS/scanning of any sort.

    Thanks for your help.

    Mike