SSl Vpn

Hello,

do you mean your SSL VPN  clients do NOT find the server or some host on HQ-site?

 SSL VPN  clients do NOT find the host 

Hey Brij Kishore,

You can refer the following link: community.sophos.com/.../ssl-vpn-unable-to-resolve-hostname

Same problem here. After upgrade to 19, the SSL VPN clients connected successfully. But no ping to any host inside the local network. either name or ip address.

XG310 (SFOS 19.0.0 GA-Build317)

Ping from remote client to internal address of the XG is possible. DNS is working too. But no connection to any host inside the local network.

SSL VPN clients connected successfully. But no ping to any host inside the local network.

Hello Brij Kishore,

Under the administrator > device access > ensure the Ping is allowed for the VPN zone.
Create a rules LAN to VPN & VPN to LAN rule...

Thank you.

Pings are all allowed for all Zones.

I added a new rule for outgoing traffic from Lan to VPN. No success.

It worked perfectly before update to V19.

Thomas Zenner,

So the ping is not working for the outgoing i.e. LAN to VPN OR for incoming VPN to LAN traffic ?

No, the external client cannot reach any host inside the local network. VPN to Lan traffic.

Okay Thomas Zenner,

Under the VPN to LAN rule > can you create a Linked NAT and then enable the MASQ


And then check the status of the ping

Sorry no luck.

Sorry no luck.

Can you perform the packet capture under the diagnostics


And then initiate the ping, and provide us the capture here...

Hey Thomas Zenner,

As you can notice there is a violation, reason firewall rule.
Can you show your Firewall rules, all so that we can inspect...
Is the new rule which you created is on the top/above all rules if not, please move rule on the top...

Wild guess: could this be related to your problem?

https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/f/recommended-reads/132121/ssl-vpn-ipv4-lease-range-changes-in-sfos-v19

Found it.

the assigned ip address for the remote client was outside my defined IP-Range.

Thanks a lot.

https://community.sophos.com/sophos-xg-firewall/sfos-v19-early-access-program/f/recommended-reads/132121/ssl-vpn-ipv4-lease-range-changes-in-sfos-v19

not my fault.