Connect Client v. SSL VPN - Permitted Network Resources

On the SSL VPN (remote access) you can enter info into Tunnel access / Permitted network resources (IPv4)  networks. Is there an equivalent setting on the Connect client. I'm not seeing it.  I can connect to our LAN, but there are some private networks I can't get to with the Connect client, but can with the SSL VPN since I have those networks in the permitted network resources .

 

  • Hello MikeX,

    If you are using the exported tgb file to import into Sophos Connect then by default it is a tunnel all policy. If you cannot get to certain private networks behind the firewall then it is a routing issue. Please check if the Virtual IP assigned to the Sophos Connect Client has a route to and back.

     

    If you are using Sophos Connect Admin then you can assign specific networks to allow from Sophos Connect. So please check those networks if this is how you are configuring the policy.

    Please send an update on the results.

     

    Thank you,
    Ramesh

  • In reply to rmk_2018:

    Ramesh,

     

    It works .... kind of!

     

    If I explicitly add the 10.127.0.0/9 into the Networks in Connect Admin (in addition to my regular internal Lan IP range), I CAN get to that 10.127.0.0/9 network.

     

    If I leave it as Tunnel All, I can't get to the 10.127.0.0/9, but can still get to my regular LAN.

     

     

    note: If Sophos tech support wants to look at this, let me know and I will open a case.

  • In reply to MikeX:

    Hello MikeX,

     

    Since it works when you explicitly specify the network then it seems like a firewall rule that could be the possible cause of the problem you are seeing when you have a tunnel all policy from the Client side.

     

    Thank you. Hope to hear back on the possible cause of he problem.

     

    Ramesh

  • In reply to rmk_2018:

    It wasn't a rule.  I uninstalled the SSLVPN and the Connect client now works. 

     

    I remember reading somewhere if you have both clients, you need to install them in a certain order. 

  • In reply to MikeX:

    Thank you MikeX for the update. Also regarding this "I remember reading somewhere if you have both clients, you need to install them in a certain order. " Yes it was when we first released Sophos Connect last year we had this problem. But start Sophos Connect 1.2 and up that is no longer a issue.

     

    Please upgrade to the latest version Sophos Connect 1.3 EAP1 which will be available soon. Provide feedback on how it is working out in your deployment. There are two new features (Run logon script and Prompt for OTP on Phase 1 rekey) in this release. If you use any of these then it would be good if you can upgrade.

     

    Ramesh