VPN S2S ( sophos - fortigate ) TRAFFIC isn't routed

Hi, I've recently created a VPN S2S between our branch (SOPHOS) and head office (FORTIGATE). The problem is that the traffic works only in one direction (head office to branch), not the other way around (branch -> head office).

Case ID :  05844513

  • Hi Pastor,

    1. Have you created an FW Rule for LAN-VPN and VPN - LAN and placed it on top of the policies?

    2. Check the packet capture so that we could determine what port is the return packet going to.

    Determine the traffic flow via TCPDump, drop packet capture from CLI and from GUI.

    CLI (option 4, Device Console)

    console> tcpdump 'host <dst IP> and proto ICMP'

    console> drop-packet-capture 'host <dst IP> and proto ICMP'

    GUI

    MONITOR & ANALYZE > Diagnostics > Packet Capture, click Configure and enter:

    host <destination IP> and proto ICMP

    3. Traffic not passing through VPN Tunnel

    support.sophos.com/.../KB-000035835

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • 1. Have you created an FW Rule for LAN-VPN and VPN - LAN and placed it on top of the policies?

    YES ( VPN - LAN ) and ( LAN-VPN)

    2. Check the packet capture so that we could determine what port is the return packet going to.

    Time                 In     Out    Ethernet  Source IP      Destination IP  Protocol  Ports  (unlabelled)  Rule ID  Status     Reason
    2022-11-04 10:21:33  Port5  Port3  IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             1        Violation  Firewall
    2022-11-04 10:21:33  Port5  -      IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             0        Incoming   -
    2022-11-04 10:21:28  Port5  Port3  IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             1        Violation  Firewall
    2022-11-04 10:21:28  Port5  -      IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             0        Incoming   -
    2022-11-04 10:21:26  Port5  Port3  IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             1        Violation  Firewall
    2022-11-04 10:21:26  Port5  -      IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             0        Incoming   -
    2022-11-04 10:21:23  Port5  Port3  IPv4      172.16.200.43  192.168.202.61  ICMP      --     0             1        Violation  Firewall

    PORT 5: LAN, PORT 3: WAN

    SERVER PINGS STARTED FROM: 172.16.200.43

    SERVER DESTINATION: 192.168.202.61

    VPN S2S STATUS IS ON:

    Local subnet                                  Remote subnet                                    Status
    eLeader_nat_ 172.16.200.41 (172.16.200.43/32)  eLeader_Nat_192.168.202.61 (192.168.202.62/32)

    NOTE:
    WE HAVE DUAL WAN: PORT 3, PORT 4

  • Hi Pastor, 

    Can you check the log viewer? 

    Based on the screenshot there’s a violation on Rule ID 1. 

    Erick Jan
    Community Support Engineer | Sophos Technical Support
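The rows in the capture above can be checked mechanically against the tunnel's selectors. This is an added example, not code from the thread or from Sophos: it re-types the posted capture rows (column order is my assumption, since the thread shows no header, and the second numeric column is read as the Rule ID because the support reply refers to "Rule ID 1"), takes the local/remote subnets from the VPN status line, and reports, for every dropped packet, whether its source or destination lies outside the selectors or whether it left via a WAN port instead of the tunnel. That is the first thing to verify when a capture shows a "Violation" with a WAN out-interface on traffic that was supposed to be tunnelled.

```python
import ipaddress

# Tunnel selectors from the VPN status line posted in the thread.
LOCAL_SELECTOR = "172.16.200.43/32"
REMOTE_SELECTOR = "192.168.202.62/32"
WAN_PORTS = ("Port3", "Port4")  # the poster's dual-WAN ports

# Capture rows as posted, re-typed one per line; "-" marks an empty cell. The column
# order is an assumption (the thread shows no header); the second numeric column is
# taken to be the Rule ID because the support reply refers to "Rule ID 1".
CAPTURE = """\
2022-11-04 10:21:33 Port5 Port3 IPv4 172.16.200.43 192.168.202.61 ICMP -- 0 1 Violation Firewall
2022-11-04 10:21:33 Port5 -     IPv4 172.16.200.43 192.168.202.61 ICMP -- 0 0 Incoming  -
2022-11-04 10:21:28 Port5 Port3 IPv4 172.16.200.43 192.168.202.61 ICMP -- 0 1 Violation Firewall
2022-11-04 10:21:28 Port5 -     IPv4 172.16.200.43 192.168.202.61 ICMP -- 0 0 Incoming  -
"""

def parse_capture(text):
    """Turn the flattened capture into dicts; a row with the wrong column count is an error."""
    packets = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 13:
            raise ValueError(f"expected 13 columns, got {len(f)}: {line!r}")
        packets.append({"time": f"{f[0]} {f[1]}", "in": f[2], "out": f[3],
                        "src": ipaddress.ip_address(f[5]), "dst": ipaddress.ip_address(f[6]),
                        "rule_id": int(f[10]), "status": f[11], "reason": f[12]})
    return packets

def check_tunnel_selectors(packets, local=LOCAL_SELECTOR, remote=REMOTE_SELECTOR,
                           wan_ports=WAN_PORTS):
    """For each dropped packet, list why it would not be matched to the tunnel."""
    local, remote = ipaddress.ip_network(local), ipaddress.ip_network(remote)
    findings = []
    for p in packets:
        if p["status"] != "Violation":
            continue
        why = []
        if p["src"] not in local:
            why.append(f"source {p['src']} is outside the local selector {local}")
        if p["dst"] not in remote:
            why.append(f"destination {p['dst']} is outside the remote selector {remote}")
        if p["out"] in wan_ports:
            why.append(f"egress {p['out']} is a WAN port, so the packet was routed, not tunnelled")
        findings.append((p, why))
    return findings

if __name__ == "__main__":
    for p, why in check_tunnel_selectors(parse_capture(CAPTURE)):
        print(p["time"], f"rule {p['rule_id']}", p["reason"], "->", "; ".join(why))
```

Run against the posted rows it flags both dropped pings: the destination 192.168.202.61 is not inside the remote selector 192.168.202.62/32, and the packet egressed on Port3 (WAN) rather than the tunnel.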