Policy Test Tool in XG

I'm running the latest firmware.

How does the VPN Tester actually work? I'm trying to test firewall rules over a site-to-site VPN, but the VPN isn't live yet. Will it still work, or do the VPNs need to have a green status?

Also, for the URL field (Destination), is it possible to use an IP address instead of a URL as such?

I'm trying to test the site-to-site VPN rules, which are locked down to restricted services and fixed IPs of servers.

I'm getting no rules found, so something isn't right somewhere, or the test tool requires the VPN to be physically connected and active for the tool to work, or the URL does not support an IP address.

If that is the case and the URL field does not support an IP address, then how can I test firewall rules with fixed IPs?



  • Hello Chris,

    Thank you for contacting the Sophos Community.

    I think you’re referring to the Policy Tester, as I am not aware we have any "VPN Tester"; for the URL destination, you can use an IP on the URL.

    Make sure the Source Zone is set to VPN and select the Test Method: Firewall, SSL/TLS, and Web. Also, the tunnel needs to be UP (green).

    For example, in my case, I am testing access to 10.10.10.1, which is part of the IPsec tunnel, and it hits the Firewall Rule ID 15, which in my case is the IPsec rule going to the other end of the tunnel where 10.10.10.1 is located.

    Regards,

  • Thank you for your reply.

    I've had my head buried in VPN rules, and I do indeed mean Policy Tester and not VPN Tester.

    That might well be the cause of my firewall rules not working. My VPNs are configured on my end but not the other end, so they are not currently live. I wanted to do all the configuring and testing on my side before putting the VPNs live.

    I wasn't sure how the Policy Tester worked, in terms of whether it tested only the rules for their settings or actually simulated the traffic, requiring the VPNs to be live.

    Looks like I was using the correct settings in the tester though, which is good to know.

    Thanks.