
Unable to route traffic from Sophos XG in Azure to Internet or VPN

I have a Sophos XG Virtual Appliance in Azure. I am unable to route Internet traffic from my Windows VM in Azure.

I also have an on-prem XG 230 with a VPN established to the Sophos XG in Azure. My laptop can reach the Windows VMs fine. Once RDP'd, I'm unable to ping from the VM to the outside world or over the VPN to my on-prem local network. My Windows VM can ping another Windows VM in Azure fine. It's also able to ping the XG Virtual Appliance fine.

My Azure config looks like this:

Virtual network 10.10.0.0/16

Subnets:

Default 10.10.0.0/24 - used for Port B of XG

LAN 10.10.1.0/24 - used for Port A of XG

Servers: 10.10.10.0/24 - used for Windows VMs.

I have a route 10.10.10.0/24 to virtual appliance 10.10.1.10 (XG port A) assigned to subnet "Servers".

Any help would be appreciated.


Also - packet capture of XG Virtual Appliance shows Violation - Incoming_Traffic. Ports 65001,650...
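To show why the single route above is not enough, here is an added example (not from the original post) that models Azure's route selection for the poster's subnet layout: Azure picks the longest matching prefix, and on a tie a user-defined route (UDR) beats the implicit system route. The on-prem prefix 192.168.0.0/24, the suggested routes and the destination addresses are assumptions for the demonstration.

```python
import ipaddress

# Constructed model of the poster's set-up (VNet and appliance addresses taken from the post).
SYSTEM_ROUTES = [
    ("10.10.0.0/16", "VnetLocal", "system"),   # implicit route for the whole VNet address space
    ("0.0.0.0/0", "Internet", "system"),       # implicit default route straight to the Internet
]
# The only UDR the post describes, attached to subnet "Servers".
POSTED_UDR = [
    ("10.10.10.0/24", "VirtualAppliance 10.10.1.10", "udr"),
]
# Routes a practitioner would expect to need instead (assumption, not stated in the thread):
SUGGESTED_UDR = [
    ("0.0.0.0/0", "VirtualAppliance 10.10.1.10", "udr"),       # Internet-bound traffic via XG Port A
    ("192.168.0.0/24", "VirtualAppliance 10.10.1.10", "udr"),  # placeholder on-prem LAN behind the VPN
]


def select_route(dest, routes):
    """Return (prefix, next_hop) chosen for dest using Azure's selection order:
    longest prefix first, then UDR before system route when prefixes tie."""
    ip = ipaddress.ip_address(dest)
    best = None
    for prefix, next_hop, kind in routes:
        net = ipaddress.ip_network(prefix)
        if ip not in net:
            continue
        key = (net.prefixlen, 1 if kind == "udr" else 0)
        if best is None or key > best[0]:
            best = (key, prefix, next_hop)
    return (best[1], best[2]) if best else (None, None)


def effective_next_hops(udr, dests):
    """Map each destination to the next hop a VM in the "Servers" subnet would use."""
    return {d: select_route(d, SYSTEM_ROUTES + udr)[1] for d in dests}


if __name__ == "__main__":
    probes = ["8.8.8.8", "192.168.0.10", "10.10.10.5"]
    print("posted UDR:   ", effective_next_hops(POSTED_UDR, probes))
    print("suggested UDR:", effective_next_hops(SUGGESTED_UDR, probes))
```

With the posted table, Internet and on-prem destinations never reach the appliance, which matches the symptom described; steering them through the XG also requires IP forwarding to be enabled on the appliance's Azure NIC.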



  • I have a similar networking condition in Azure and believe I could be close based on what I am reading. As it stands, I can ping/access web admin from the Azure VM but not the reverse. Meaning I cannot ping the Azure VM from the XG. Packet cap shows the ICMP traffic exiting Port B (and not Port A). This is my configuration. (Azure support has been more helpful than Sophos)

    Azure virtual network

    10.2.0.0/24

    Subnets

    Port B 10.1.0.0/24

    Port A 10.1.1.0/24

    Servers 10.1.2.0/24

    1 VM 10.1.2.4


    Static Route

    Dest. 10.1.2.0

    Gateway 10.1.1.1

    Interface Port A - 10.1.1.4

    Distance: 0


    I went so far as to try and adjust the route precedence in the XG so that Static Routes are 1 but even that failed.


    Goal: Have all traffic (in/out) route and protect the VM. SSL VPN then RDP, etc.


    Any help would be appreciated!

  • Have you configured your UDRs and NSGs correctly? Please refer to this video - www.youtube.com/watch