
SSL VPN Remote Access working, "use as default gateway not"

Hi. I have SSL VPN working with remote access users. I can remote to any of the machines listed in Tunnel Access - Permitted Network Resources; however, I cannot use my XG Firewall as a gateway. Whenever this setting is turned on, remote clients cannot access the internet.

I have made sure that #Port1 and #Port2 (LAN/WAN) were added to Tunnel Access > Permitted Network Resources and that my firewall rule is allowing Source Zone: VPN -> Destination Zone: LAN/WAN/Any.

I am hoping to use my XG Firewall as a gateway for http/s internet requests when working remotely.

Thanks!



  • Khaled, it's not clear if you and Timothy were having the same problem, so it's difficult to say whether there is a solution.

    In Timothy's case, I'm still not sure what the issue was. The claim was that everything was working fine in Windows 10 but not on OS X with the default gateway setting turned on, but he also indicated seeing a policy violation in his packet capture which would suggest that the firewall wasn't routing the VPN traffic. He didn't specify whether Windows 10 was honoring the default gateway setting and exclusively routing traffic through the firewall or whether it was using the local gateway. I have multiple users connecting to the XG Firewall through the latest version of Tunnelblick on OS X and with the default gateway setting turned on, and everything has worked fine since the beginning. I have not tested it with any iOS VPN, so I don't know if the iOS client specifically has problems that OS X clients do not.

  • My issue is the same now: clients on Windows 7 or 10 can access the VPN network and the internet without any issue, but those who connect from iOS are able to access the VPN network while the internet is not working. Any idea?

  • Have you confirmed whether the Windows clients are using the firewall as the gateway for their internet traffic instead of their local gateway? (IP addresses reported by sites like whatismyip.com will report either their ISP address or the firewall's public address.) Also confirm DNS lookups, and see what name servers the clients are attempting to use to resolve domain names. If it is the case that Windows clients can use the firewall as a gateway and the iOS clients cannot, also use the packet capture on the firewall to confirm that it is not blocking traffic for policy-based reasons. It is also helpful to know whether those packets are in fact traveling through the VPN and hitting the device, or whether the iOS client is failing to route properly.

    Hopefully Sophos will write a guide for establishing SSL VPN connections between the firewall and iOS devices. They do however have a guide for establishing IPsec connections using the Cisco VPN Client for iOS, so you might want to try that instead:

    How to Establish an IPsec Connection Between Sophos Firewall and Cisco VPN Client for Apple iOS
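The gateway and name-server checks suggested in the reply above can also be done from a client's routing table. The following is an added example, not part of any post in this thread: it applies longest-prefix matching to decide which interface carries internet and DNS traffic. The interface names (`en0`, `utun1`), all addresses, and both routing tables are constructed for illustration.

```python
import ipaddress

def egress(routes, dest):
    """Longest-prefix match: (interface, gateway) the client would use for dest."""
    ip = ipaddress.ip_address(dest)
    best = None
    for prefix, gateway, iface in routes:
        net = ipaddress.ip_network(prefix)
        if ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return (best[2], best[1]) if best else (None, None)

def classify(routes, tunnel_iface, dns_servers, probe="203.0.113.10"):
    """Report whether internet traffic and each DNS server are routed via the tunnel."""
    internet_iface, _ = egress(routes, probe)
    return {
        "internet_via_tunnel": internet_iface == tunnel_iface,
        "dns_via_tunnel": {s: egress(routes, s)[0] == tunnel_iface
                           for s in dns_servers},
    }

# Constructed table: default gateway pushed by the VPN. Two /1 routes cover
# every address and outrank the local 0.0.0.0/0 route by prefix length.
FULL = [
    ("0.0.0.0/0",      "192.168.1.1", "en0"),
    ("0.0.0.0/1",      "10.81.234.1", "utun1"),
    ("128.0.0.0/1",    "10.81.234.1", "utun1"),
    ("192.168.1.0/24", "link",        "en0"),
    ("10.81.234.0/24", "link",        "utun1"),
]

# Constructed table: split tunnel. Only the permitted internal network
# (172.16.16.0/24 here) is routed through the VPN interface.
SPLIT = [
    ("0.0.0.0/0",      "192.168.1.1", "en0"),
    ("192.168.1.0/24", "link",        "en0"),
    ("10.81.234.0/24", "link",        "utun1"),
    ("172.16.16.0/24", "10.81.234.1", "utun1"),
]

if __name__ == "__main__":
    # A resolver on the local LAN stays off the tunnel even in the full-tunnel case.
    print(classify(FULL, "utun1", ["192.168.1.1", "198.51.100.53"]))
    print(classify(SPLIT, "utun1", ["172.16.16.10"]))
```

In the full-tunnel table the local resolver 192.168.1.1 is still reached over `en0` because the /24 LAN route is more specific than the /1 routes, which is why the name servers a client uses are worth checking separately from its default route.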

  • Thank you for your reply.

    You are right, the Windows clients are using the firewall for internet access (and I don't know how I can disable that, as I need the clients to use their internet connection only!).

    And for the IPsec connection between Sophos and the Cisco VPN, actually I did the same configuration, and users can access the VPN network normally, but they still can't access the internet!