
Unable to access AWS Internet-facing ELB website behind firewall.

ENV: Sophos XG SFOS 18.0.5 MR-5 SG230

Hello, my org recently changed our AWS VPN connection from a site-to-site connection to a tunnel interface connection using BGP. We have everything working with our new AWS VPN except one thing. We have a public website hosted in AWS Elastic Beanstalk using an internet-facing Elastic Load Balancer. Prior to the VPN change, we did not have any trouble accessing the website from the internal network; now we cannot access the site on the LAN using the URL, Elastic URL, or the ELB IP addresses.

However, I can access the website from the EC2 private IP that is located in our VPC subnet. I'm sure this is a routing problem, but I do not have enough networking knowledge to figure out this issue. DNS lookups work fine and point to [websitename].us-east-1.elasticbeanstalk.com with the two ELB public IPs, which is basically what we CAN'T get to behind the firewall.

When I attempt to visit the site and watch the firewall log, it shows that the LAN source to the ELB IP is allowed. However, when I run a packet trace doing the same thing, every connection status is "UNREPLIED". We have a MASQ NAT rule in place, but it seems the private/public routing is not configured correctly.

I am completely stuck trying to fix this issue and would appreciate any help or suggestions that anyone could provide.

Thanks
