ETA Solution: Windows Firewall, of course.
Thanks @LuCar Toni
The Sophos Client successfully connects to the XG.
I can ping 8.8.8.8 while connected.
I can ping the XG's LAN interface (10.0.4.1) while connected (172.16.16.5 can ping 10.0.4.1).
I can NOT ping any resources on the LAN (e.g., 10.0.4.2) while connected.
I can NOT ping 172.16.16.5 (Sophos Connect Client virt. IP) from the XG command line.
Wireshark PCAP on 10.0.4.2 shows the ping arriving at 10.0.4.2 NIC but I get a "(no response found!)" rather than the expected "(reply in [time])".
Port 1 is physically connected to the LAN switch.
PCAP on the XG: When I ping 10.0.4.2 from the remote client, I see the following...
ipsec0, IN: 172.16.16.5 > 10.0.4.2
br0, OUT: 172.16.16.5 > 10.0.4.2
Port1, OUT: 172.16.16.5 > 10.0.4.2
PCAP on the XG: When I ping FROM 10.0.4.2 to the remote client, the PCAP on the XG shows the following...
Port1, IN: 10.0.4.2 > 172.16.16.5
br0, IN: 10.0.4.2 > 172.16.16.5
Port1, IN: 10.0.4.2 > 172.16.16.5
Would appreciate any help figuring out what I'm doing wrong. This should be very simple to configure. I'm either overthinking/over-complicating it, which happens a lot, or something is broken.