Unable to ping Local Network on SSL VPN - Packet Capture show Violation Firewall

Fresh Install of Sophos 3300 - The Sophos is the gateway to the local networks.

Once connected to the VPN, I am able to ping all of the Gateway IP addresses on the Firewall, but I am unable to ping the devices on the network.

I am able to ping the devices from the Firewall. I have followed all of the instructions and have also gone through the Discussions with no luck. I have just about tried everything.

In the Packet Capture it is showing "Violation Firewall" from the source VPN device when I ping from it, and when I ping from the inside device to the VPN'd PC I get the same message.

All the rules are set ...

VPN to LAN

LAN to VPN

I even set up some Any to Any rules to see if I could catch traffic in the Firewall Log, but I do not see anything there.

Thanks for your help in advance...

This thread was automatically locked due to age.
  • Harsh,

    I have made a few changes to the test network: now the Gateway sits on the Cisco Switch, and I have configured the Firewall for the new gateway and created a static route for the network.

    The packet capture has changed to "Forwarding - No Gateway - UNREPLIED".

    I am still unable to ping anything on the inside network. The plan for this deployment is to use the Sophos as the network device for all of the Gateways of the Network. Currently all of the VLANs (except the test network) are configured on the Sophos, and I am able to ping the devices from the Sophos.

    Thanks,

    Ben

  • FormerMember (in reply to Ben Sanderson)

    Hi,

    Thank you for the update.

    You'd have to configure the static route for the networks (VLANs) not owned by the firewall. Now, if you see the packet capture action "Forwarding" with a correct VPN to LAN firewall rule and there's no reply from the destination, that indicates either an Anti-Virus on the workstation blocking ping or an internal routing issue. Please check if Windows Defender is blocking ping from the SSL VPN network.

    Thanks,

  • Harsh,

    There is no firewall on the device; it is a LAN Controller, configured for the same Gateway. Is there a debug or log that I can view to check the route?

    I am also unable to ping the gateway of that network, which is on the Cisco Switch. There is a static route for that.

    Thanks,

    Ben

  • Harsh,

    Are there any logs that would help in troubleshooting this?

    Thanks,
    Ben

  • Harsh, regarding this statement: "You'd have to configure the static route for the networks (VLANs) not owned by the firewall." All of the networks are owned by the Firewall (besides the test one, but I am going to switch it back).

  • So I was able to fix the issue, but I am not sure it is best practice.

    I had to add a NAT rule to the VPN to LAN rule; once it was applied with all of the allowed networks, it worked.

    Is adding the NAT rule best practice, and what security worries are there with this setup?

    Thanks

    Ben
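The following is an added illustration, not from the thread or from Sophos, of why a VPN to LAN masquerade (NAT) rule can turn an "UNREPLIED" capture into a working ping: hosts in the test VLAN send their echo replies to their default gateway on the Cisco switch, and if that switch has no route back to the SSL VPN pool the reply is dropped there, whereas NAT rewrites the client's source to the Sophos LAN IP so hosts answer on-link and the routing gap is bypassed. The trade-off for a defender is that LAN-side logs then attribute the traffic to the firewall rather than to the individual VPN client. All addresses and routing tables below are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# --- Constructed topology (assumed for this example, not taken from the thread) ---
VPN_CLIENT = ip_address("10.81.234.6")      # an SSL VPN client in the pool
VPN_POOL = ip_network("10.81.234.0/24")
FW_LAN_IP = ip_address("192.168.10.1")      # Sophos interface in the test VLAN
CISCO_GW = ip_address("192.168.10.254")     # Cisco SVI, the hosts' default gateway
LAN_HOST = ip_address("192.168.10.50")
ON_LINK = "on-link"

# Which device answers for which IP when a frame is put on the VLAN.
OWNERS = {FW_LAN_IP: "sophos", CISCO_GW: "cisco", LAN_HOST: "host"}

def next_hop(table, dst):
    """Longest-prefix match over [(network, next_hop)] rows; None means no route."""
    rows = [(net, hop) for net, hop in table if dst in net]
    return max(rows, key=lambda r: r[0].prefixlen)[1] if rows else None

def trace_reply(dst, tables, start="host"):
    """Follow a LAN host's ICMP echo reply toward dst, device by device.
    The Sophos terminates the VPN, so the reply only completes if it gets there."""
    path, device = [start], start
    while device != "sophos" and len(path) < 8:
        hop = next_hop(tables[device], dst)
        if hop is None:
            return False, path + ["no route"]        # dropped at this device
        device = OWNERS.get(dst) if hop == ON_LINK else hop
        if device is None:
            return False, path + ["no owner on link"]  # ARP for dst never answered
        path.append(device)
    return device == "sophos", path

HOST_TABLE = [(ip_network("192.168.10.0/24"), ON_LINK),
              (ip_network("0.0.0.0/0"), "cisco")]
# The Cisco switch in the thread's test setup: the Sophos has a static route
# *toward* the test VLAN, but nothing here points back to the VPN pool.
CISCO_NO_VPN_ROUTE = [(ip_network("192.168.10.0/24"), ON_LINK)]
CISCO_WITH_VPN_ROUTE = CISCO_NO_VPN_ROUTE + [(VPN_POOL, "sophos")]

def ping_reply_ok(cisco_table, masquerade):
    """Does the host's reply get back? With a VPN->LAN masquerade (NAT) rule the
    host sees the Sophos LAN IP as the source and answers it on-link instead."""
    reply_dst = FW_LAN_IP if masquerade else VPN_CLIENT
    return trace_reply(reply_dst, {"host": HOST_TABLE, "cisco": cisco_table})

if __name__ == "__main__":
    print("no NAT, no return route :", ping_reply_ok(CISCO_NO_VPN_ROUTE, False))
    print("no NAT, return route    :", ping_reply_ok(CISCO_WITH_VPN_ROUTE, False))
    print("NAT (masquerade)        :", ping_reply_ok(CISCO_NO_VPN_ROUTE, True))
```

The second case shows the alternative to NAT: a route for the VPN pool on the Cisco switch pointing at the Sophos lets replies return without rewriting the source, so LAN logs keep the real VPN client address.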