Can't reach admin interface from SSL VPN

Question

Hello... 
 As the "subject" says, since we upgraded to 17.X and on (MR-2, MR-3) we can't access Sophos XG Admin interface from VPN (ssl vpn tunnel). 
 The page doesn't respond! BUT ... If we access the web Admin interface from inside the LAN zone (you don't even have to login, just load the admin page) at the same time (for example using a Terminal Server inside the LAN zone), the web admin interface is suddenly displayed also through the VPN SSL Tunnel! 
 Are we missing something? This happens on the latest 17.X releases: old firmware appliances are working fine. 
 If we can provide something to help please write. 
 Thanks, Mattia Trussardi

Mattia Trussardi · Accepted Answer

Hello. 
 I find out that on the SSL vpn config file (downloaded from the firewall) the "comp-lzo" parameter is always set to "no" (also on other firewalls we manage) although on the SSL vpn configuration parameters the "use compression" is flagged. 
 Maybe on old firmware versions client and server used to negotiate that parameter: not now with new firmware releases. 
 I have to manually set "yes" in the configuration file or disable compression in the VPN ssl config to make things work right again. 
 Mattia Trussardi

Ronak Sheth · Answer

Hello Mattia Trussardi , 
 
 Enable following setting to get admin access 
 
 HTTPS for VPN under Administration > Device access 
 Create firewall rule form VPN to LAN 
 If SSL VPN is configured in Split mode, make sure you have added Sophos XG LAN IP in SSL VPN (Remote Access) > Permitted Network Resources 
 Access Sophos XG through your LAN IP 
 
 This should solve your issue. 
 
 Regards, Ronak.