
VPN question

Hi,

 

We work with Sophos SG UTM and endcontrol (Sophos Central).

We want to create a situation where our remote users can use their notebooks.

They must set up a secure VPN to the company network and access the network shares, but also the internet through the VPN/UTM proxy.

This is what I configured:

  1. I created an IPsec remote access rule
  2. I created a web filter group for the IPsec pool
  3. I installed the VPN client and set the notebook to connect to the internet through the proxy server (UTM)

This seems to work fine.

There is no internet access through the web browser when the VPN is connected, because of the proxy setting.
However, other internet access like Teams, updates etc. still continues.

All that traffic I also want to tunnel, and let the UTM handle the access rules.

Can anybody tell me how?

 

best regards,

 

Peter



  • Did you configure a masquerading rule for the IPsec VPN pool?


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.

  • Hi Peter,

    As apijnappels suggests, you need either a firewall rule and a masquerading rule for "VPN Pool (IPsec)" or to include "VPN Pool (IPsec)" in 'Allowed Networks' for a Web Filtering Profile.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Under: Network Protection -> NAT -> Masquerading

    Configure a rule:
    Internal (Network) => External WAN

    This is necessary to translate your internal local IP address to the public IP address of your internet connection. Most SOHO routers do this automatically, but UTM is more diverse and can also be used to route between networks without translating to a single public IP address.

    Then you need a firewall rule under Network Protection -> Firewall, in its most basic form:

    Sources: Internal (Network)
    Services: Any
    Destinations: Any
    Action: Allow

    Also tick "Log traffic" under Advanced so the rule is logged and you can trace it back should you need it later on.

    This firewall rule simply allows ALL traffic to EVERY destination. It's not the safest option, but again, that's what most SOHO routers do too. In UTM, however, you need to configure which traffic is allowed; otherwise it is simply not allowed.

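The two objects described in the answer above, a masquerading rule for the VPN pool and a forward rule that allows its traffic out, can be expressed as an nftables ruleset on a Linux router. This is an added example, not Sophos UTM's own configuration and not code from anyone in the thread; it shows the "any/any" allow from the post next to a restricted variant that only lets DNS and direct web traffic egress and logs the rest. The pool 10.242.2.0/24 and the WAN interface name eth1 are assumed placeholders; substitute your own "VPN Pool (IPsec)" subnet and external interface.

```shell
#!/bin/sh
# Added example (not from the thread or from Sophos): emit an nftables ruleset
# equivalent to the UTM masquerading rule plus forward rule for the VPN pool.
#
#   gen_ruleset POOL WANIF [any|restricted]
#
# "any"        = the any/any allow from the post, with logging
# "restricted" = same masquerade, but only DNS and web egress is allowed and
#                everything else from the pool is logged and dropped
# POOL and WANIF are assumed placeholders, e.g. 10.242.2.0/24 and eth1.
gen_ruleset() {
    pool="$1"
    wanif="$2"
    mode="${3:-restricted}"

    printf 'table inet vpn_egress {\n'
    # NAT: rewrite the pool's private source addresses to the WAN address.
    printf '    chain postrouting {\n'
    printf '        type nat hook postrouting priority srcnat; policy accept;\n'
    printf '        ip saddr %s oifname "%s" masquerade\n' "$pool" "$wanif"
    printf '    }\n'
    # Filter: as on UTM, nothing is forwarded unless a rule allows it.
    printf '    chain forward {\n'
    printf '        type filter hook forward priority filter; policy drop;\n'
    printf '        ct state established,related accept\n'
    case "$mode" in
        any)
            printf '        ip saddr %s log prefix "vpn-any " accept\n' "$pool"
            ;;
        restricted)
            printf '        ip saddr %s oifname "%s" udp dport 53 log prefix "vpn-dns " accept\n' "$pool" "$wanif"
            printf '        ip saddr %s oifname "%s" tcp dport { 80, 443 } log prefix "vpn-web " accept\n' "$pool" "$wanif"
            printf '        ip saddr %s log prefix "vpn-drop " drop\n' "$pool"
            ;;
        *)
            echo "unknown mode: $mode" >&2
            return 1
            ;;
    esac
    printf '    }\n'
    printf '}\n'
}

# Number of forward rules in the generated ruleset that let pool traffic through.
count_accepts() {
    gen_ruleset "$@" | grep -c ' accept$'
}

# Usage: ./vpn_egress.sh 10.242.2.0/24 eth1 restricted | sudo nft -c -f -
# (nft -c only checks syntax; drop -c to load the ruleset)
if [ $# -ge 2 ]; then
    gen_ruleset "$@"
fi
```

Browser traffic that goes through the UTM's own web proxy terminates on the gateway itself and never hits the forward chain; the forward rules matter for the traffic Peter is asking about, the Teams and update traffic that the client sends directly once the tunnel carries the default route. The restricted variant keeps the masquerade but logs and drops anything the pool sends that is not DNS or web, which is the "configure which traffic is allowed" approach the answer recommends over any/any.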
