Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 39 subscribers
  • Views 1919 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Client isolation on SSL VPN network?

Jelle

Hi,

we've been using SSL VPN on XG for a long time now and it works good. But now we came across the issue that we can't see other SSL VPN users. So it is not a problem from SSL VPN to LAN but inside the VPN network. A ping to a device resolves the right ip address but the ping itself as well as other services don't work. They work when we are all in the LAN. So is client isolation active in the SSL VPN network? Which settings need to be ajusted?

A rule which allows traffic from VPN to VPN is already active.



This thread was automatically locked due to age.
  • 0

    Hi  

    Could you please try to capture the packet when you initiate the traffic from one SSL VPN user system to another SSL VPN user system?

    Packet Capture Utility - https://community.sophos.com/kb/en-us/123189

    Regards,

    Keyur
    Community Support Engineer | Sophos Support
    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • 0 in reply to Keyur

    Hi ,

    when I try to send a ping this is captured:

    Ethernet-Header
    MAC-Adresse d. Quelle:NA
    MAC-Adresse d. Ziels: NA
    Ethernet-Art IPv4 (0x800)
     
    IPv4 Header
    IP-Adresse d. Quelle:192.168.104.13
    IP-Adresse d. Ziels:192.168.104.12
    Protokoll: ICMP
    Header:20 Bytes
    Type of Service: 0
    Gesamte Länge: 60 Bytes
    Identifikation:9515
    Fragmentverschiebung:0
    Time-to-live: 128
    Prüfsumme: 50219
     
    ICMP Header:
    Typ: 8
    Code: 0
    Echo-ID: 1
    Echo-Sequenz: 502
    Gateway: 0
    Fragmentierung MTU: 0
    Prüfsumme: 19301

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

  • 0 in reply to Jelle

    After scrolling to the right I found this:

    But I don't know what exactly is meant by "SSL_VPN". This is definitely not a name of a rule.

    Regards, Jelle

    Sophos XG210-HA (SFOS 18.0.4) on SG210 appliances with Sandstorm and 1x AP55
    Sophos Central with Intercept X Advanced, Device Encryption, Phish Threat, Mobile Control Advanced

    If a post solves your question use the 'This helped me' link.

Unfiltered HTML