
AWS XG Firewall Default Gateway

Good morning everyone,

We currently have a VPC in AWS that is connected to our headquarters through a Sophos UTM, and this Sophos UTM is the default gateway of the network connected to the AWS Virtual Private Gateway using the UTM Amazon VPC configuration. I'm migrating this connection to a new XG v18 firewall. All settings were made according to this link: community.sophos.com/.../sophos-xg-firewall-v18-to-aws-vpn-gateway-ipsec-connection The connection is established normally and the packets reach the XG network, but we are not able to browse the web. I made a tcpdump and it seems that the packet goes out but does not come back. I validated the rules and routes; everything seems to be OK.

The AWS network (10.200.xxx.xxx/16) communicates with the XG network (10.100.xxx.xxx/16) normally, but we can't use the network (XG) to go out to the web.

The route tables in AWS look OK.

Could someone help?

10.200.xxx.xxx/16 (AWS VPC Network)
10.100.xxx.xxx/16 (XG Firewall Network)

Test made from the server in the AWS network (IP 10.200.10.10):

console> tcpdump 'host 8.8.4.4'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
02:01:15.477844 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 204, length 40
02:01:15.477882 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 204, length 40
02:01:20.096377 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 205, length 40
02:01:20.096381 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 205, length 40
02:01:25.083299 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 206, length 40
02:01:25.083311 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 206, length 40
02:01:30.091947 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 207, length 40
02:01:30.091950 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 207, length 40
02:03:53.842608 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40
02:03:53.842612 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40
02:03:53.842696 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40
02:03:53.849923 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9165, length 40
02:03:53.849934 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9165, length 40
02:03:53.849935 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9165, length 40
02:03:54.858296 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40
02:03:54.858301 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40
02:03:54.858310 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40
02:03:54.865544 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9166, length 40
02:03:54.865560 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9166, length 40
02:03:54.865562 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9166, length 40
02:03:55.874747 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9167, length 40
02:03:55.874751 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9167, length 40
02:03:55.874761 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9167, length 40
02:03:55.881992 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9167, length 40
02:03:55.882011 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9167, length 40
02:03:55.882014 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9167, length 40
02:03:56.890389 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9168, length 40
02:03:56.890392 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9168, length 40
02:03:56.890403 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9168, length 40
02:03:56.897647 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9168, length 40
02:03:56.897661 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9168, length 40
02:03:56.897664 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9168, length 40

Test made from the server in the XG network (IP 10.100.20.251):

console> tcpdump 'host 8.8.4.4'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
02:04:33.009378 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9175, length 40
02:04:33.009379 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9175, length 40
02:04:33.009396 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9175, length 40
02:04:33.016546 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9175, length 40
02:04:33.016554 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9175, length 40
02:04:33.016555 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9175, length 40
02:04:34.019766 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9176, length 40
02:04:34.019767 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9176, length 40
02:04:34.019770 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9176, length 40
02:04:34.026986 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9176, length 40
02:04:34.027004 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9176, length 40
02:04:34.027007 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9176, length 40
02:04:35.039385 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9177, length 40
02:04:35.039389 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9177, length 40
02:04:35.039400 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9177, length 40
02:04:35.046642 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9177, length 40
02:04:35.046655 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9177, length 40
02:04:35.046658 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9177, length 40
02:04:36.059482 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9178, length 40
02:04:36.059486 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9178, length 40
02:04:36.059495 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9178, length 40
02:04:36.066753 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9178, length 40
02:04:36.066757 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9178, length 40
02:04:36.066758 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9178, length 40
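The two captures above differ in one visible way: the pings arriving over the VPN (xfrm4) leave Port2 still carrying their 10.200.10.10 source and no reply ever appears on Port2, while the LAN pings leave Port2 translated to 177.99.179.164 and get replies. As an added example (not code from the post or from Sophos), the Python script below parses tcpdump lines in this console format, correlates each ICMP echo by id/seq across interfaces, and reports per ingress interface how many requests egressed the WAN port, how many were source-translated, how many carried a private source onto the WAN, and how many got a reply. It assumes Port2 is the Internet-facing interface, as in the capture; the sample lines are copied from the capture above.

```python
import ipaddress
import re
from collections import OrderedDict

# Regex for the one-line ICMP echo format printed by the XG console tcpdump
# (optionally prefixed with "ethertype IPv4," on the parent interface line).
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<iface>[\w.]+),\s+(?P<dir>IN|OUT):\s+"
    r"(?:ethertype IPv4,\s+)?IP\s+(?P<src>[\d.]+)\s+>\s+(?P<dst>[\d.]+):\s+"
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

WAN_IFACE = "Port2"  # assumption: Port2 is the Internet-facing port, as in the capture


def parse_capture(lines):
    """Yield one dict per parsable ICMP echo line; anything else is ignored."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()


def track_flows(lines, wan=WAN_IFACE):
    """Correlate each echo request (keyed by ICMP id/seq) across interfaces.

    For every request first seen arriving on a non-WAN interface, record the
    ingress interface and original source, the source address it carried when
    it left the WAN port, and whether a matching reply came back in on the WAN.
    """
    flows = OrderedDict()
    for p in parse_capture(lines):
        key = (int(p["id"]), int(p["seq"]))
        if p["kind"] == "request" and p["dir"] == "IN" and p["iface"] != wan:
            # On VLAN setups the same packet is logged twice (Port1, then
            # Port1.20); keep the first ingress record and ignore the repeat.
            flows.setdefault(key, {"ingress": p["iface"], "origin": p["src"],
                                   "wan_src": None, "reply": False})
        elif p["kind"] == "request" and p["dir"] == "OUT" and p["iface"] == wan:
            if key in flows:
                flows[key]["wan_src"] = p["src"]
        elif p["kind"] == "reply" and p["dir"] == "IN" and p["iface"] == wan:
            if key in flows:
                flows[key]["reply"] = True
    return flows


def summarise(lines, wan=WAN_IFACE):
    """Per ingress interface: requests that egressed the WAN, how many were
    source-translated, how many carried a private (RFC 1918) source onto the
    WAN, and how many received a reply."""
    summary = {}
    for f in track_flows(lines, wan).values():
        if f["wan_src"] is None:
            continue  # never reached the WAN port: a routing/policy question, not NAT
        s = summary.setdefault(f["ingress"], {"egressed": 0, "translated": 0,
                                              "private_on_wan": 0, "replied": 0})
        s["egressed"] += 1
        if f["wan_src"] != f["origin"]:
            s["translated"] += 1
        if ipaddress.ip_address(f["wan_src"]).is_private:
            s["private_on_wan"] += 1
        if f["reply"]:
            s["replied"] += 1
    return summary


# Sample lines copied from the capture in the post: four VPN-sourced pings
# (xfrm4) and two LAN pings (Port1 / Port1.20).
SAMPLE_CAPTURE = [
    "02:01:15.477844 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 204, length 40",
    "02:01:15.477882 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 204, length 40",
    "02:01:20.096377 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 205, length 40",
    "02:01:20.096381 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 205, length 40",
    "02:01:25.083299 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 206, length 40",
    "02:01:25.083311 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 206, length 40",
    "02:01:30.091947 xfrm4, IN: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 207, length 40",
    "02:01:30.091950 Port2, OUT: IP 10.200.10.10 > 8.8.4.4: ICMP echo request, id 1, seq 207, length 40",
    "02:03:53.842608 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40",
    "02:03:53.842612 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40",
    "02:03:53.842696 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9165, length 40",
    "02:03:53.849923 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9165, length 40",
    "02:03:53.849934 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9165, length 40",
    "02:03:53.849935 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9165, length 40",
    "02:03:54.858296 Port1, IN: ethertype IPv4, IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40",
    "02:03:54.858301 Port1.20, IN: IP 10.100.20.251 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40",
    "02:03:54.858310 Port2, OUT: IP 177.99.179.164 > 8.8.4.4: ICMP echo request, id 1, seq 9166, length 40",
    "02:03:54.865544 Port2, IN: IP 8.8.4.4 > 177.99.179.164: ICMP echo reply, id 1, seq 9166, length 40",
    "02:03:54.865560 Port1.20, OUT: IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9166, length 40",
    "02:03:54.865562 Port1, OUT: ethertype IPv4, IP 8.8.4.4 > 10.100.20.251: ICMP echo reply, id 1, seq 9166, length 40",
]

if __name__ == "__main__":
    for iface, stats in summarise(SAMPLE_CAPTURE).items():
        print(iface, stats)
```

Run against the sample, the xfrm4 row shows four requests egressing with a private source and zero replies, while the Port1 row shows two translated requests with two replies. A row with `private_on_wan > 0` and `replied == 0` is the pattern to look for when traffic from a VPN-connected network is expected to share the firewall's Internet connection: it tells you whether the source-NAT policy matched that traffic before you spend time on routing.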
This thread was automatically locked due to age.
Hello Joao and welcome to the Sophos Community!

Since your issue seems to be with XG, I'll move your thread to the XG Community.

Cheers - Bob

Sophos UTM Community Moderator
Sophos Certified Architect - UTM
Sophos Certified Engineer - XG
Gold Solution Partner since 2005
MediaSoft, Inc. USA