We are setting up AWS with Sophos UTM as our firewall. We successfully setup the public and private subnets ans we followed the instructions given in the video that Sophos have provided. So far Sophos UTM is working in AWS.
We enhanced it by setting up a site to site VPN connection from on premise to AWS. We can reached the machines residing in AWS private subnet from on premise machines (our office). Here's the challenging part on our side. We have a third subnet called "Admin Subnet" in AWS. The private subnet and Admin subnet can see each other but we cannot ping any machine in Admin subnet from on premise machines.
Here are the information of what we have.
VPC: 10.16.0.0/20
Public subnet: 10.16.0.0/24
Private subnet: 10.16.1.0/24
Admin subnet: 10.16.5.0/24
On Premise network: 10.20.8.0/21
UTM
Firewall (Allowed: ping, rdp, http, https)
On premise (10.20.8.0/21) ---> AWS VPC (10.16.0.0/20)
IPSEC
Connections: Local Networks (10.16.0.0/20), Remote Gateway (Gateway: public IP of on premise, Remote Network: 10.20.8.0/21)
Amazon VPC
Network ACL: all traffic is allowed from and to 10.20.8.0/21
Security Group: All traffic is allowed from and to 10.20.8.0/21
We also tried to change the subnet of internal interface of UTM to bigger subnet (/20) but we are still getting "destination host unreacheable" when we ping a machine in AWS Admin subnet from on premise machine.
May I know what are the possible issue/s in our configuration?
This thread was automatically locked due to age.
Guest User!
You are not Sophos Staff.
