Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 2 answers
  • Subscribers 26 subscribers
  • Views 826 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

ping sourceip over Ipsec does not work - v18.5

Carlos Cesario

Hello,

Currently I migrate some devices from 17.5 and 18.0 to 18.5, until now it works as expected.

But Im having a bit problem, whit the previous versions "ping sourceip" command or "ping -i" in v18  from XG device console it works as expected.

But now in v18.5 ping sourceip (in cish) ou ping -a (in advanced console) does not work. The IPSEC tunnel it works as expected, all devices from BO and HO has access each other, but from XGS device I can´t  PING any device from BO .

Ping from XGS device

From device behind XGS

and traceroute from XGS with source IP it works!

Is there any new option to enable PING from device console ?

Regards

Carlos



This thread was automatically locked due to age.
Parents Reply
  • FormerMember
    0 FormerMember in reply to Carlos Cesario

    Hi ,

    SNAT policy would be required to route Sophos(XG) Firewall initiated traffic through IPsec VPN.

    Here is the command to add SNAT policy for the destination network.

    console> set advanced-firewall sys-traffic-nat add destination 192.168.32.0 netmask 255.255.255.0 snatip 192.168.xx.237

Children