VPN Traffic Dropped but VPN protocols explicitly enabled in firewall rules

Hi,

I read Rulz, but I am still having difficulty understanding what's going on. I am trying to enable VPN services such as WiTopia and VPN Unlimited (which use IPsec and OpenVPN respectively, as far as I know).

I created a firewall rule for the entire internal network to allow VPN protocols out. VPN services still do not function, however, and I can see the attempted connections getting dropped. It does not APPEAR to be intrusion prevention, but that remains to be seen. 

The firewall rule I created is:

  • Sources: Internal (Network)
  • Services: VPN Protocols
  • Destinations: Any
  • Action: Allow
  • Time Period: Always
  • Log Traffic: checked
  • Source Mac Addresses: none

And the rule is enabled.


In order, on the Intrusion Protection page:

  • Global - IPS status enabled, Local networks = Internal (Network) only, policy/restart policy = drop silently/drop all packets
  • Attack Patterns - everything checked, everything dropped
  • Anti-DOS/Flooding - no options checked
  • Anti-portscan - Enabled, Log event only, limit logging
  • Exceptions: none
  • Advanced: nothing added here (everything is blank)

I am not really sure where to look next. It's highly possible I am misunderstanding how attack patterns work, but there is nothing obvious to me as to why the VPN connections are being dropped.

Also, I AM blocking most of the world via countries; however, the connections in question are going to US-based VPN sites. The US is not blocked at all.

Thanks in advance for any insight, it is much appreciated. I am new to Sophos UTM (home edition) but I am eager to learn.



This thread was automatically locked due to age.
  • I want to apologize for potentially wasting anyone's time -

    The entire issue (and all my other issues) has been solved by correctly configuring Masquerading. While this may be obvious to some, I think it should have a little more emphasis in the Rulz page.

    Specifically, #3.1 - 

    • When adding an interface, don't forget the Masquerading rule for the new network behind the UTM.

    I glossed over this (sorry!) and I suspect many others do as well. Can anyone tell me why this is not set up by default? Is it a security issue or a "we don't want to assume anything about your setup" issue?

    On that note, however, can someone explain to me why lack of masquerading causes strange/intermittent connection issues? Web traffic was fine, Outlook 365 email was fine, but for example Gmail IMAP was not. Nor was VPN traffic. Masquerading fixed these, but I want to know *why* it fixed them.

  • Hi, Brendan, and welcome to the UTM Community!

    Thanks for the tip about Rulz. Would you have hit on Masquerading if the parenthetical remark had been there when first you considered #3.1?

    Some proxies do their own masquerading, including Web Filtering.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • To me, the impact is so major that I feel that it would warrant its own # but that's just me. It could be #0 as far as I'm concerned.

    Good to know about web filtering. On that note, the streaming services bypass still does not work for Netflix.
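Brendan's question about why missing masquerading broke Gmail IMAP and the VPN clients but left web traffic working, together with Bob's remark that the Web Filtering proxy does its own masquerading, can be illustrated with the following constructed Python model. It is added here and is not code from the thread or from Sophos; it assumes the documentation addresses 203.0.113.10 and 198.51.100.x, that transparent Web Filtering intercepts ports 80/443, and that a packet leaving the WAN with an RFC1918 source address never gets a routable reply.

```python
"""Constructed model of an internal host behind a UTM with and without masquerading."""
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.10"                         # constructed UTM public address
PRIVATE = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PROXIED_PORTS = {80, 443}                       # assumption: transparent Web Filtering takes these

def is_private(addr):
    return any(ip_address(addr) in net for net in PRIVATE)

class Utm:
    """Minimal stand-in for the UTM forwarding path: proxy, optional SNAT, reverse lookup."""
    def __init__(self, masquerade):
        self.masquerade = masquerade
        self.nat = {}          # WAN-side port -> (original src, original sport)
        self.next_port = 40000

    def _snat(self, src, sport):
        port = self.next_port
        self.next_port += 1
        self.nat[port] = (src, sport)
        return port

    def forward(self, src, sport, dst, dport):
        """Packet (src, sport, dst, dport) as the remote host will see it."""
        if dport in PROXIED_PORTS or self.masquerade:
            # the web proxy re-originates the connection from the UTM itself;
            # masquerading rewrites the source of everything else
            return (WAN_IP, self._snat(src, sport), dst, dport)
        return (src, sport, dst, dport)         # leaves with an RFC1918 source

    def deliver(self, reply):
        """Map a reply arriving on the WAN back to the internal host, or None."""
        rsrc, rsport, rdst, rdport = reply
        if rdst != WAN_IP or rdport not in self.nat:
            return None                         # nothing to translate back to
        osrc, osport = self.nat[rdport]
        return (rsrc, rsport, osrc, osport)

def remote_reply(packet):
    """Remote host answers the source it saw; a private source is unroutable on the internet."""
    src, sport, dst, dport = packet
    return None if is_private(src) else (dst, dport, src, sport)

def session_works(utm, src, sport, dst, dport):
    """True if the client's first packet gets an answer back to the client."""
    reply = remote_reply(utm.forward(src, sport, dst, dport))
    return reply is not None and utm.deliver(reply) == (dst, dport, src, sport)
```

Without masquerading only the proxied web ports succeed; IMAP (993), IKE (500) and OpenVPN (1194) leave with a private source and never see a reply, which matches the intermittent picture in the thread.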
