Hi
I am trying to add a couple of additional LAN subnets to an existing SSL VPN (remote access); they are added to the "Permitted network resources" list on the VPN page, and I also added the appropriate "Destination zones" and "Destination networks" on the firewall rule that applies to my VPN connection.
Running a route print on the client shows the routes are not added, and that reflects what the client logs are showing. If you add a route manually via route add pointing to the VPN gateway address, the routing works OK, so it just looks like the VPN policy isn't being pushed down to the client at connection time using the Sophos Connect client.
The only way we have managed to get the Connect client to add the additional routes is to literally add a new user to a new VPN profile with those extra networks defined; redownloaded the profile; adding a new subnet for that test group also doesn't push down.
As a test we even deleted the user from the profile group and they could still connect, which also sounds very odd. Is there some command required to get the XG to refresh the VPN policy it is pushing out to clients, or does it only update like once per hour or something really unhelpful? I have never knowingly seen another firewall be like that in terms of changes to the permitted destinations.
XG running 18.0.5.586