Hello,
I would gladly accept some help.
I have 2 sites, each with a cluster of Sophos SG230 (active/passive). Let's call them Site A and Site B.
Site A is directly connected to the Internet and has 2 local networks: internal 192.168.1.x, DMZ 192.168.10.x.
Site B is connected through an ISP box and has 1 local network, internal 192.168.2.x.
Site A and B are connected through a site-to-site IPsec VPN, with Site A in respond-only mode. Both Site A networks are declared in the local networks of the VPN config; on Site B only the Site B local network is declared.
Site A has a DNAT rule to forward external Internet requests to the web server in the DMZ.
Site A has firewall rules to allow traffic from the internal network to the web server on port 443.
The web server in local DNS, on both sites, has its internal IP; the web server in outside DNS has Site A's public IP. To be safe, I have also created static DNS entries on both clusters.
The Site A internal network can properly access said web server.
Site B can access the Site A internal network.
Site B cannot access the web server in the DMZ.
If I create a static route in the Site B cluster with the gateway set to the Site A Sophos internal leg, my tracert shows destination route unreachable.
If I remove the static route, my tracert shows exit through the ISP box, then request timed out.
I have created appropriate firewall rules on both clusters.
I'm quite lost in translation, any ideas? I feel like my Site B Sophos has no idea of the Site A DMZ network and therefore doesn't know where to route the packets.
Yes, I have already read this: https://community.sophos.com/kb/en-us/115191
Thank you !
This thread was automatically locked due to age.
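The following is an added example, not code from the poster or from Sophos. It models the hypothesis stated in the post (Site B has no route into the Site A DMZ) as a small policy-based VPN routing decision: a packet enters the IPsec tunnel only when its source and destination fall inside a declared local/remote network pair; otherwise the static routing table and then the default gateway apply. The two Site A networks and the Site B network are taken from the post; the Site B client address 192.168.2.50, the DMZ web server address 192.168.10.20, the Site A internal leg 192.168.1.1 and the set of remote networks declared on Site B (which the post does not state) are assumptions.

```python
import ipaddress

# Constructed model of the two-site setup described in the post. It is not
# the poster's configuration export and does not reproduce Sophos UTM
# internals; it only shows how a policy-based IPsec gateway decides whether a
# packet belongs to the tunnel, and what happens to it when it does not.

SITE_A_NETS = ["192.168.1.0/24", "192.168.10.0/24"]  # internal, DMZ (from the post)
SITE_B_NETS = ["192.168.2.0/24"]                      # internal (from the post)
SITE_B_HOST = "192.168.2.50"                          # assumed client at Site B
ISP_BOX = "isp-box"                                   # Site B default gateway


def _nets(cidrs):
    return [ipaddress.ip_network(c) for c in cidrs]


def next_hop(src, dst, local_nets, remote_nets, static_routes, default_gw):
    """Return where a gateway with these policies sends src->dst.

    Order (simplified): IPsec selectors first, because a policy-based VPN
    claims matching traffic before the routing table is consulted; then the
    longest-prefix static route, whose gateway must sit on a directly
    connected network to be usable; finally the default gateway.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in n for n in local_nets) and any(d in n for n in remote_nets):
        return "ipsec-tunnel"
    candidates = [(ipaddress.ip_network(net), gw) for net, gw in static_routes]
    candidates = [(net, gw) for net, gw in candidates if d in net]
    if candidates:
        net, gw = max(candidates, key=lambda c: c[0].prefixlen)
        gw_ip = ipaddress.ip_address(gw)
        if not any(gw_ip in n for n in local_nets):
            # Gateway is not on-link (e.g. the other site's inner leg):
            # the route exists but cannot be used.
            return "static-unreachable"
        return f"static:{gw}"
    return f"default:{default_gw}"


def site_b_path(dst, remote_nets_on_b, static_routes=()):
    """Path a Site B client takes to dst, given Site B's IPsec remote networks."""
    return next_hop(SITE_B_HOST, dst, _nets(SITE_B_NETS), _nets(remote_nets_on_b),
                    list(static_routes), ISP_BOX)


if __name__ == "__main__":
    dmz_web = "192.168.10.20"          # assumed web server address in the Site A DMZ
    only_internal = ["192.168.1.0/24"]  # assumed: Site B's remote networks list only Site A's LAN
    print(site_b_path("192.168.1.20", only_internal))   # ipsec-tunnel
    print(site_b_path(dmz_web, only_internal))          # default:isp-box
    # same, plus a static route via Site A's internal leg (assumed 192.168.1.1)
    print(site_b_path(dmz_web, only_internal,
                      [("192.168.10.0/24", "192.168.1.1")]))  # static-unreachable
    # remote networks on Site B cover both Site A networks
    print(site_b_path(dmz_web, SITE_A_NETS))            # ipsec-tunnel
```

The four printed cases line up with the symptoms in the post: traffic to the Site A LAN is carried by the tunnel, traffic to the DMZ falls through to the ISP box when the DMZ is not in Site B's remote networks, a static route whose gateway is the far side's internal leg is not on-link and so is unusable, and declaring both Site A networks on the Site B side puts the DMZ traffic into the tunnel.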