Unable to ping Local Network on SSL VPN - Packet Capture shows Violation Firewall

Fresh Install of Sophos 3300 - The Sophos is the gateway to the local networks.

Once connected to VPN I am able to ping all of the Gateway IP addresses on the Firewall, but unable to ping the devices on the network.

I am able to ping the devices from the Firewall - I have followed all of the instructions and also have gone through the Discussions with no luck. Just about tried everything.

In the Packet Capture it is showing Violation Firewall from the Source VPN device when I ping from it, and when I ping from the inside device to the VPN'd PC I get the same message.

All the rules are set ...

VPN to LAN

LAN to VPN

I even set up some Any to Any rules to see if I could catch traffic in the Firewall Log, but I do not see anything there.

Thanks for your help in advance...



This thread was automatically locked due to age.
  • FormerMember

    Hi ,

    Thank you for reaching out to the Community! 

    Did you allow ping on the VPN zone? Go to Administration and device access to find out. 

    Also, please share the screenshot of the SSL VPN profile and specifically allowed networks? Did you add an interface or create a network object for your internal network? 

    Thanks,

  • Thanks for replying..

    Attached are the screenshots of the settings.

    The rule for LAN to VPN right now is IP any any, just to get it to work; once it is working I will start to harden.

    Thanks in advance.

  • FormerMember in reply to Ben Sanderson

    Hi ,

    Thank you for providing the screenshots. 

    Why is there a SNAT rule for the SSL VPN? You wouldn't need it, and I'd suggest you remove it for testing. 

    Also, create a network definition for the SSL VPN instead of the network range for the VPN to LAN firewall rule. 

    Thanks,
