Hello all,
This is a very interesting issue.
Several weeks ago, I was having a hard time setting up a site-to-site VPN using UTM 9. You can see my odyssey here.
Long story short, I found out that you cannot ping from the server side of the VPN to the client side of the VPN from the UTM 9 box. It works from the server side of the VPN.
Well... at the time I found the problem, with much-appreciated help from this forum and a friend who is a Sophos partner, I thought nobody would want to ping the other side of the VPN from the UTM box. Well... it turned out I was wrong.
Little diagram:

Branch Office >>>> VPN >>>>> Headquarters
Server side of the VPN       Client side of the VPN
192.168.150.0                192.168.0.0
I need to configure the Sophos UTM at the branch office to authenticate against an Active Directory server that resides at headquarters. I tried configuring it under Users and Definitions/Authentication Servers and got a timeout. Then I had the "brilliant" idea to ping the AD server (which resides at headquarters) from the branch office UTM using the WebAdmin ping tool. No love! I cannot establish any sort of communication with computers behind the headquarters UTM. However, I can ping fine from any computer that is behind the branch office UTM.
I know I can create a NAT rule on the headquarters UTM pointing to my AD server. However, I want to avoid this option at any cost.
What I checked out:
No packets blocked on the firewall
No blocks on the web filter (it doesn't make sense, but I checked anyway)
No packets blocked on the IPS
All these options are enabled at Network Protection/Firewall/ICMP on both UTM boxes.
Global ICMP settings
Allow ICMP on Gateway
Allow ICMP through Gateway
Ping settings
Gateway is Ping visible
Ping from Gateway
Gateway forwards Pings
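A small reachability probe that separates the two questions tangled together in the post: whether packets from the gateway itself cross the tunnel, and whether the AD ports the authentication server actually needs (Kerberos 88, LDAP 389, LDAPS 636) answer. This is an added example for this thread, not a Sophos tool or anything from the original post. It lets you pin the source address of each connection, because on a policy-based IPsec tunnel only traffic whose source address falls inside the tunnel's configured local network is encrypted; gateway-originated traffic sent from some other interface address is plainly routed and times out, which is exactly the symptom of a ping from a computer behind the UTM working while a ping from the UTM box does not. The addresses in the block are constructed placeholders based on the diagram above.

```python
"""Probe AD/LDAP reachability across a site-to-site VPN from the gateway,
trying each candidate source address in turn.

Added example for this thread, not Sophos code.  All addresses below are
constructed placeholders taken from the post's diagram; substitute your own.
Run it on the gateway (or on any host whose routing you want to test).
"""
import socket
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ports an AD authentication client needs (Kerberos, LDAP, LDAPS).
AD_PORTS = {"kerberos": 88, "ldap": 389, "ldaps": 636}


@dataclass
class ProbeResult:
    source: Optional[str]  # None = let the OS pick the source address
    host: str
    port: int
    ok: bool
    detail: str


def tcp_probe(host: str, port: int, source_ip: Optional[str] = None,
              timeout: float = 3.0) -> ProbeResult:
    """TCP connect to host:port, optionally bound to a chosen source address.

    Binding the source is the point of the exercise: it is the one variable
    that differs between "ping from a LAN host" (source inside the VPN's
    local network) and "ping from the gateway" (source chosen by the
    routing table, often an address the tunnel policy does not cover).
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        if source_ip:
            s.bind((source_ip, 0))
        s.connect((host, port))
        return ProbeResult(source_ip, host, port, True, "connected")
    except socket.timeout:
        return ProbeResult(source_ip, host, port, False, "timeout")
    except ConnectionRefusedError:
        return ProbeResult(source_ip, host, port, False, "refused")
    except OSError as e:
        return ProbeResult(source_ip, host, port, False, f"error: {e.strerror or e}")
    finally:
        s.close()


def path_ok(r: ProbeResult) -> bool:
    """'refused' still proves the path: a RST came back, so packets crossed
    the tunnel in both directions and only the service port is closed.
    A silent 'timeout' is the signature of traffic never reaching the host."""
    return r.ok or r.detail == "refused"


def diagnose(results: List[ProbeResult]) -> Tuple[str, list, list]:
    """Group results by source address and report which sources reach the AD
    server.  'mixed' means the tunnel works for some sources only, i.e. a
    source-address / tunnel-selector problem rather than a firewall one."""
    by_src = {}
    for r in results:
        by_src.setdefault(r.source, []).append(path_ok(r))
    good = [s for s, v in by_src.items() if all(v)]
    bad = [s for s, v in by_src.items() if not all(v)]
    if good and bad:
        return ("mixed", good, bad)
    if good:
        return ("all-ok", good, bad)
    return ("all-fail", good, bad)


def probe_ad_server(ad_host: str, sources: List[Optional[str]],
                    timeout: float = 3.0) -> List[ProbeResult]:
    """Try every AD port from every candidate source address."""
    return [tcp_probe(ad_host, port, src, timeout)
            for src in sources for port in AD_PORTS.values()]


if __name__ == "__main__":
    # Constructed values from the diagram: AD server at headquarters, branch
    # gateway's LAN address inside the tunnel's local network, and None to
    # see what the OS picks on its own (what a plain gateway ping would do).
    AD_SERVER = "192.168.0.10"
    SOURCES = ["192.168.150.1", None]
    results = probe_ad_server(AD_SERVER, SOURCES)
    for r in results:
        print(f"src={r.source or 'auto':15} {r.host}:{r.port:<4} {r.detail}")
    verdict, good, bad = diagnose(results)
    print(f"verdict: {verdict}  reaching={good}  failing={bad}")
```

If the verdict is "mixed" with the LAN-interface address working and the automatic source failing, the gateway's own traffic is leaving from an address the tunnel definition does not cover, and that, not a firewall or IPS rule, is what to look at; if every source times out on all three ports while a LAN host still reaches the server, check for a rule on the headquarters side that only allows the branch subnet and not the gateway.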