XG SSLVPN Clients are applied to SNAT, while they shouldn't

Hi there,

I have a Sophos XG SSLVPN dial-in configured, which is working in general. When it comes to networking, we face an issue: the clients are being SNATed when accessing internal resources (we monitor the source IP on the destination webserver). There is no NAT rule configured that could be responsible, but it happens anyway.

The VPN clients are based in the same subnet as the destination server; there is a big /20 range or something like that, and within the last octet there is an IP range that the clients are being assigned when dialing in. Could this be related? Are there some hidden NAT rules that I can see somewhere?

In every case, the conntrack tool shows "natid=0", and there is no NAT rule 0.

Any ideas?

Thank you!



  • FormerMember in reply to seroal

    Hi,

    Once the license expires on your firewall, features that fall under the specific module will stop working. The VPN feature falls under the base firewall license and since it’s expired, VPN won't work as expected. 

    Thanks,

  • In parallel I asked our Presales Team and I got some interesting answers... So my original question seems to be answered as well, because an XG without a base license is NATting any connection through the firewall. So this is our issue. We will now migrate the UTM Base License.

    Thanks