I set up a UTM to UTM red tunnel following https://community.sophos.com/kb/en-us/120157.
This was actually very easy to do and works well, except that, although I can access the Sophos WebAdmin page of the devices at the opposite ends of the tunnel, I can't seem to access the web administration of any other system or device across the tunnel.
For example, if I try to open the web interface of a networked HP printer through the tunnel, I eventually get a timeout message from the UTM. This is true for any other http or https site I try to access, such as the Outlook Web Access of an internal mail server or the IWA app for our single sign-on solution. From within the same site all these things work as expected.
Any idea why this would happen?
Hi, Ralph, and welcome to the UTM Community!
What insights do you get from doing #1 in Rulz?
Cheers - Bob
In reply to BAlfson:
Yes, I looked at the logs. I did see that a default drop was happening between the RED virtual interface on the remote end of the tunnel and the web-enabled device I was trying to reach on port 80.
In my firewall rules I have an any-any rule with both LANs in both the source and destination boxes. This is per the instructions cited in my original post. With these settings I can ping, tracert, remote desktop, vnc, etc. between the two networks; it is just traffic on ports 80 and 443 that seems to be dropped.
I can add the RED network (in which the virtual RED interfaces reside) into the any-any rules on the UTMs, and that does work. Since every other protocol works OK, and this step is not mentioned in the instructions for setting up UTM to UTM RED tunnels, it seems like this shouldn't be required.
Is http traffic treated differently by the UTM? I’d like to understand what the reason is for dropping that specific traffic.
In reply to Ralph Smith:
Post the line from the Firewall log file that corresponds to the drop you saw in the Live Log. Alone among the logs, the Firewall Live Log presents abbreviated information in a format easier to read quickly. Usually, you can't troubleshoot without looking at the corresponding line from the full Firewall log file.
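The full Firewall log file is the thing to read, as the reply above says, because the Live Log hides the fields that tell you which rule dropped a packet and on which interface it arrived. The following is an added helper (not from the thread or from Sophos) that parses UTM-style `key="value"` packetfilter log lines and tallies drops by ingress interface, destination port and firewall rule, flagging web-port drops that arrived on a RED interface. The sample lines are constructed for illustration; the field names follow the UTM packetfilter layout as far as I know it, the `reds*` interface naming and the reading of `fwrule="60001"` as the default drop rule are assumptions.

```python
import re
from collections import Counter

# Constructed sample log lines in the key="value" layout the UTM packetfilter
# log uses (values invented; not taken from the thread).
SAMPLE_LOG = """\
2017:05:25-10:15:43 utm ulogd[5132]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds1" srcip="10.10.20.15" dstip="10.10.10.50" proto="6" length="60" srcport="51234" dstport="80" tcpflags="SYN"
2017:05:25-10:15:44 utm ulogd[5132]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="reds1" srcip="10.10.20.15" dstip="10.10.10.50" proto="6" length="60" srcport="51235" dstport="443" tcpflags="SYN"
2017:05:25-10:15:50 utm ulogd[5132]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name="Packet accepted" action="accept" fwrule="3" initf="reds1" srcip="10.10.20.15" dstip="10.10.10.50" proto="1" length="84"
2017:05:25-10:16:01 utm ulogd[5132]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="192.0.2.9" dstip="10.10.10.50" proto="6" length="60" srcport="40000" dstport="22" tcpflags="SYN"
"""

# Matches every key="value" pair on a line.
KV_RE = re.compile(r'(\w+)="([^"]*)"')

# Assumption: 60001 is the UTM's built-in default-drop rule id.
DEFAULT_DROP_RULE = "60001"


def parse_line(line):
    """Return the key/value fields of one log line, or None if it has none."""
    fields = dict(KV_RE.findall(line))
    return fields or None


def summarize_drops(text, web_ports=("80", "443"), red_prefix="reds"):
    """Tally dropped packets per (initf, dstport, fwrule).

    Also return the parsed fields of every drop that arrived on a RED
    interface (name starting with red_prefix, an assumption) and targeted a
    web port, since that is the symptom described in the thread.
    """
    counts = Counter()
    web_drops_on_red = []
    for line in text.splitlines():
        fields = parse_line(line)
        if not fields or fields.get("action") != "drop":
            continue
        initf = fields.get("initf", "")
        dport = fields.get("dstport", "")
        key = (initf, dport, fields.get("fwrule", ""))
        counts[key] += 1
        if initf.startswith(red_prefix) and dport in web_ports:
            web_drops_on_red.append(fields)
    return counts, web_drops_on_red


def hit_default_drop(drops):
    """True if every flagged drop was made by the default-drop rule, which
    means no explicit rule matched the traffic rather than a rule rejecting it."""
    return bool(drops) and all(d.get("fwrule") == DEFAULT_DROP_RULE for d in drops)


if __name__ == "__main__":
    counts, web_drops = summarize_drops(SAMPLE_LOG)
    for (initf, dport, rule), n in sorted(counts.items()):
        print(f"drops on {initf} to port {dport} by rule {rule}: {n}")
    for d in web_drops:
        print("web drop on RED:", d["srcip"], "->", d["dstip"], "port", d["dstport"])
    print("default-drop only:", hit_default_drop(web_drops))
```

Run it against your own exported Firewall log instead of `SAMPLE_LOG`; a drop attributed to the default rule with `initf` set to the RED interface tells you the any-any LAN rule simply did not match that packet, which is the kind of detail the Live Log view does not show.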