I have a strange request from a client and was wondering if it's possible and how.
Let's say we have a network 192.168.1.0 behind an XG. And another XG on a remote site (192.168.2.0) via Site2Site SSLVPN. Both are communicating properly.
So now, I connect from a third network from my laptop via SSLVPN to the network. I can see both networks (192.168.1.0-2.0).
Now question. Can either the 192.168.1.0 or 192.168.2.0 see me? And how?
It seems it cannot ping the vpn pool of remote users. Ideally I want to print to a printer the remote user has.
Second question. Can my laptop as a remote VPN device get a static IP? I cannot find this setting anywhere. I can only assign a VPN pool on VPN settings, but not a static VPN IP on a specific computer.
RED is out of the question. I know this is the best solution that works out of the box, but the client doesn't want REDs for 3 remote users on 3 different sites. Don't ask me why.
For some reason you need to have a brain to work with XGs. From the log I had the thought that the 10.81.234.5 was the IP I was getting, but it was the gateway. With proper firewall rules VPN-LAN->VPN-LAN and actually finding out my VPN IP, I can access the remote computer! yay
Ok so the second and equally important question is how can a remote computer get a specific VPN IP, e.g. 10.81.234.40?
In reply to Panagiotis Vakerlis:
You cannot bind/assign a specific IP to a client via SSL VPN.
This is currently a suggestion on our Sophos Ideas page.
All clients logged in via SSL VPN are listed in Live users. So basically you can work for VPN to LAN/DMZ with the user itself as a user-based policy.
In reply to LuCar Toni:
I can do that, the problem is that the user policy is always on the From interface. So basically I can assign a rule for the remote user to access a network, but I can't make a network access the remote user.
The policy is From ->interface-network-user To ->interface-network
Actually where I am now, there's no point to route the network to access the user since I don't know the user's address (it's dynamic).
Seems RED is the only solution, even for 1 PC.
I thought the network could access me (the remote computer). It did, on macOS.
Today I'm looking at it from a Windows PC, same setup, cannot ping the remote user. I'm thinking that on Windows it creates a second adapter and something's not right. Any ideas?
Just in case anyone cares, it was a Windows firewall issue. So in remote SSLVPN from a PC the network works both ways, the only problem is you need to know its VPN IP every time since you cannot configure a static one.
To be honest - Most of the time, Remote access is designed to access some facilities, not to access the client, who connected to you.
But you will find the IP quickly in Live users.
Also important to know: every live user uses 4 IP addresses in your SSL VPN Range.
Not sure if you've seen this.