Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 26 subscribers
  • Views 3127 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN works but not according to the manual instructions.

DMC

I am using an XG105 with version 16.01.1

I have the VPN working with SSL, however according to tech support there are 2 parts of the setup that should not be necessary.

1. The firewall rule from VPN to Lan traffic, I turned on Rewrite Source Address and Masq. The masq is the ip address of port 1. According to tech support this isn't necessary.

2. The firewall rule from Lan to VPN, a rule was created to allow network sources to be used. In the Tunnel Access which is turned OFF. there is a selection Permitted Resources. A rule was created to allow network usage in the subset of 192.168.2.0. Selecting Port 1 which is the LAN, is not enough

Without these 2 enabled, I would not have been able to connect to a server that was using the XG105  appliance.

The IP address would be created on the client side, but I would not be able to use RDP to access any computer on the network.

Another issue, is that no one understands why I can not ping the computers on the network.

Those are the 2 issues I would like to write about.

 

Thank you.

DMC



This thread was automatically locked due to age.
Parents
  • 0

    Thanks DMC for your tests.

    Inside the firewall rules do not insert ports. Rule simply doesn't work.

    For the ping, make sure to allow ping on vpn zone under Administration > device access.

    Feel free to post your config screenshot.

    Regards

  • 0 in reply to lferrara

    I have the ping command enabled. I had a Sophos Tech log on and he said everything is fine, however he didn't know why I can't ping any computers. That is why I put this up as a discussion and not as a question. I am still reading the admin guide for the XG Version 16.

    Can you please explain this comment:

    Inside the firewall rules do not insert ports. Rule simply doesn't work.

  • 0 in reply to DMC

    DMC,

    creating Firewall rules where source object contains a Port, will make the rule useless. Here the screenshot:

    For the PING, I would like to investigate.

    Send me a PM and I will connect to your XG.

    Regards

  • 0 in reply to lferrara

    The Ping issue was solved. It was a setting in their anti virus software, that wasn't allowing pings. I didn't see any option to enable pinging, only to disable the firewall.

    As for the other issue, it wasn't a firewall rule issue.

    Rather a setting in the VPN.

    Go to VPN, Click on SSL VPN REMOTE Settings.

    Scroll down to Tunnel Access.

    Permitted Network Resources IPv4.

    It isn't enough to select Port 1, which is the Lan.

    One must create a rule IP address 192.168.X.X  subnet /24 (255.255.255.0)

    If this rule isn't created in this dialog box, then resources can not be accessed.

    This isn't mentioned in the manual link nor in the latest Admin guide to version 16.

    Thank you for your help.

Reply
  • 0 in reply to lferrara

    The Ping issue was solved. It was a setting in their anti virus software, that wasn't allowing pings. I didn't see any option to enable pinging, only to disable the firewall.

    As for the other issue, it wasn't a firewall rule issue.

    Rather a setting in the VPN.

    Go to VPN, Click on SSL VPN REMOTE Settings.

    Scroll down to Tunnel Access.

    Permitted Network Resources IPv4.

    It isn't enough to select Port 1, which is the Lan.

    One must create a rule IP address 192.168.X.X  subnet /24 (255.255.255.0)

    If this rule isn't created in this dialog box, then resources can not be accessed.

    This isn't mentioned in the manual link nor in the latest Admin guide to version 16.

    Thank you for your help.

Children
No Data