
Sophos XG 18.5.3 and SSL VPN

Trying to lab up and describe an upgrade process (outage windows and user impact) for some firewalls.  I have 2 XG310s in HA and have done the following:

1. Assigned static LAN and WAN addresses; added LAN2LAN rule (with lan/vpn source to lan/vpn dest)

2. Internet is reachable via WAN interface

3. Updated the CA Cert with info

4. Added a user, assigned to open group

5. Created a test SSLVPN profile and attached the user to it

Now when I do a provisioning file for a Windows virtual machine (same subnet as WAN), I tell the Sophos Connect client to connect to the WAN address of the Sophos device. It does that all well and good... but then after it downloads the provisioning file, it only tries to connect to the LAN address.

Additionally, I've found the "temporary" .ovpn files it sprinkles into the C:\Program Files (x86)\Sophos\Connect directory, and opening them reveals the configuration file has every address in it EXCEPT the WAN address. I.e. it has the "guest wifi" address, the LAN address, the DMZ (HA) address - and the RED tunnel address (I launched a RED tunnel on another virtual to watch that flow as well.)

What am I doing wrong here?  Has anyone else had this kind of thing happen?  The WAN address is an RFC1918 address behind a firewall, if that makes a difference... and I have no real way to change that without doing a creative NAT on my interior firewall...



This thread was automatically locked due to age.
  • Resolved.  Device access bites me again.  Not a fault of the Sophos - other than the fact that I don't like having to come to a separate page to ENABLE a feature.

    If you don't have "SSL VPN" enabled on WAN in device access, the .ovpn file that the device will deliver to you will not have the WAN interface as a target.  Hence, you will only get the LAN interfaces in the file.

    I do have instances in my environment where we use the LAN as transport - but in all honesty, would likely have that turned off as a standard in normal environments.

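The quickest way to confirm the symptom described in the resolution above is to look at which endpoints the generated profile will actually dial. The following is an added example for this thread, not a Sophos tool and not a file produced by an XG: it parses the standard OpenVPN `remote <host> [port] [proto]` directives out of an .ovpn file and reports whether the expected WAN endpoint is among them. The sample profile and the `192.168.50.1` WAN address are constructed placeholders chosen to mirror the thread (LAN, guest Wi-Fi, DMZ and RED addresses present, WAN missing). Because the original poster's WAN is itself RFC 1918, the private-address check is informational only; the decisive check is whether the WAN address appears at all.

```python
"""Which endpoints will an OpenVPN (.ovpn) profile actually dial?

Added example for this thread, not a Sophos tool and not a file generated by
an XG. It parses the standard OpenVPN `remote <host> [port] [proto]`
directives from a profile and reports whether the expected WAN endpoint is
among them, which is the symptom the thread describes.
"""
import ipaddress
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample profile with placeholder RFC 1918 addresses; it mirrors
# the thread's symptom and is not real Sophos Connect output.
SAMPLE_OVPN = """\
client
dev tun
proto tcp-client
remote 192.168.10.1 8443 tcp-client
remote 192.168.20.1 8443 tcp-client
remote 172.16.0.1 8443 tcp-client
remote 10.100.0.1 8443 tcp-client
remote-random
resolv-retry infinite
nobind
"""

# Placeholder for the firewall's WAN address the client is expected to reach.
EXPECTED_WAN = "192.168.50.1"

# `remote` takes a host, an optional port and an optional protocol.
# `remote-random` and similar directives do not match because of the \s+.
REMOTE_RE = re.compile(r"^\s*remote\s+(\S+)(?:\s+(\d+))?(?:\s+(\S+))?\s*$")

Remote = Tuple[str, Optional[int], Optional[str]]


def parse_remotes(ovpn_text: str) -> List[Remote]:
    """Return (host, port, proto) for each `remote` directive. port/proto are
    None when the directive omits them (OpenVPN then falls back to its
    global --port/--proto settings, which this parser does not resolve)."""
    remotes: List[Remote] = []
    for line in ovpn_text.splitlines():
        m = REMOTE_RE.match(line)
        if m:
            host, port, proto = m.groups()
            remotes.append((host, int(port) if port else None, proto))
    return remotes


def is_private(host: str) -> bool:
    """True for private/non-routable IP literals (RFC 1918 and friends);
    hostnames and public addresses return False."""
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return False


def check_profile(ovpn_text: str, expected_wan: str) -> Dict[str, object]:
    """Summarise the profile: every remote host, whether the expected WAN
    endpoint is listed, and which listed hosts are private addresses that a
    client outside the network could not reach without NAT."""
    remotes = parse_remotes(ovpn_text)
    hosts = [host for host, _, _ in remotes]
    return {
        "hosts": hosts,
        "wan_present": expected_wan in hosts,
        "private_hosts": [h for h in hosts if is_private(h)],
    }


if __name__ == "__main__":
    result = check_profile(SAMPLE_OVPN, EXPECTED_WAN)
    for host, port, proto in parse_remotes(SAMPLE_OVPN):
        print(f"remote {host} {port} {proto}")
    if not result["wan_present"]:
        print(f"WAN endpoint {EXPECTED_WAN} is absent: check Device Access "
              "for the WAN zone before regenerating the profile")
```

Run it against the .ovpn files Sophos Connect drops into its program directory; if the WAN address is not in the `hosts` list, the client cannot pick it no matter which address you typed into the connect dialog, and the fix is on the firewall side (Device Access, SSL VPN on the WAN zone), after which the profile has to be downloaded again.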