

Sophos XG with RED 60 remote sites - Main office to Remote site LAN

3 remote sites with RED 60 devices connected to main office Sophos XG

Unable to access devices at remote office from main office

RED Operation Mode Standard/Unified 

RED Interfaces in Zone: LAN

Already added Firewall Rule - Source/Destination LAN - ANY

Is there something I'm missing? Thanks



  • Hello there,

    Thank you for contacting the Sophos Community.

    If you SSH into the XG and press (5>3) to land in the Advanced Shell, does the following command show the correct RED interface?

    # ip route get x.x.x.x (where x.x.x.x is the IP of a device behind the RED device)

    If you see the correct RED interface, try a ping from a computer behind the XG to a device behind the RED and see where the XG is seeing the packets:

    # tcpdump -eni any host x.x.x.x (where x.x.x.x is the IP of a device behind the RED device)

    Additionally please also run a Packet Capture from the GUI of the XG.

    And finally, check that you don't have an incorrect Static Route or SD-WAN rule, and that your networks don't overlap.

    Please post screenshots.

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support VideosProduct Documentation  |  @SophosSupport  | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Three RED networks 192.168.17.0/24, 192.168.18.0/24, 192.168.19.0/24. Main Office with XG 192.168.16.0/16

    XG210_WP03_SFOS 18.0.4 MR-4# ip route get 192.168.17.104
    192.168.17.104 dev reds1 src 192.168.17.1 uid 0
    cache
    XG210_WP03_SFOS 18.0.4 MR-4# tcpdump -eni any host 192.168.17.104
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on any, link-type LINUX_SLL (Linux cooked v1), capture size 262144 bytes
    19:16:39.564918 reds1, IN: In 0c:dd:24:e5:1a:eb ethertype IPv4 (0x0800), length 100: 192.168.17.104.65339 > 52.242.211.89.443: Flags [P.], seq 393960291:393960335, ack 2443875841, win 510, length 44
    19:16:39.603460 reds1, OUT: Out 00:51:0b:20:c2:35 ethertype IPv4 (0x0800), length 231: 52.242.211.89.443 > 192.168.17.104.65339: Flags [P.], seq 1:176, ack 44, win 7796, length 175
    19:16:39.684780 reds1, IN: In 0c:dd:24:e5:1a:eb ethertype IPv4 (0x0800), length 56: 192.168.17.104.65339 > 52.242.211.89.443: Flags [.], ack 176, win 509, length 0
    19:16:40.814635 reds1, IN: In 0c:dd:24:e5:1a:eb ethertype IPv4 (0x0800), length 68: 192.168.17.104.50669 > 192.168.1.12.515: Flags [S], seq 3372823071, win 64240, options [mss 1300,nop,wscale 8,nop,nop,sackOK], length 0
    19:16:43.888604 reds1, OUT: Out 00:51:0b:20:c2:35 ethertype IPv4 (0x0800), length 96: 192.168.17.1 > 192.168.17.104: ICMP host 192.168.1.12 

    I have two Static Routes

  • Hello there,

    So it looks like you have a huge overlap of networks due to the /16 you are using on your Main Office.

    Either change your RED subnets to a network that doesn't overlap the /16, or try bridging them into the LAN:

    https://support.sophos.com/support/s/article/KB-000035548?language=en_US

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
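    A small model of the overlap Emmanuel describes, added here as an illustration and not part of the thread or of any Sophos tool. It uses the subnets the poster listed (the main-office LAN as written, 192.168.16.0/16, and the three RED /24s) and shows why `ip route get` on the XG still answers `dev reds1` while a main-office PC never hands those packets to the XG at all; the re-addressed RED subnet at the end is a constructed example.

```python
import ipaddress

# Constructed from the thread: the main-office LAN exactly as the poster wrote it
# (192.168.16.0/16, which normalises to 192.168.0.0/16) and the three RED /24 networks.
MAIN_OFFICE_LAN = "192.168.16.0/16"
RED_SUBNETS = {"reds1": "192.168.17.0/24", "reds2": "192.168.18.0/24", "reds3": "192.168.19.0/24"}


def overlapping_red_subnets(lan=MAIN_OFFICE_LAN, reds=RED_SUBNETS):
    """Return the names of the RED interfaces whose subnet overlaps the main-office LAN."""
    lan_net = ipaddress.ip_network(lan, strict=False)
    return sorted(name for name, cidr in reds.items()
                  if ipaddress.ip_network(cidr, strict=False).overlaps(lan_net))


def firewall_next_hop(dst_ip, lan=MAIN_OFFICE_LAN, reds=RED_SUBNETS):
    """Longest-prefix match as the XG's own routing table does it: the /24 RED route
    beats the /16 LAN route, which is why 'ip route get' correctly answers 'dev reds1'."""
    dst = ipaddress.ip_address(dst_ip)
    routes = {name: ipaddress.ip_network(cidr, strict=False) for name, cidr in reds.items()}
    routes["lan"] = ipaddress.ip_network(lan, strict=False)
    matches = [(net.prefixlen, name) for name, net in routes.items() if dst in net]
    return max(matches)[1] if matches else None


def host_uses_gateway(dst_ip, host_subnet=MAIN_OFFICE_LAN):
    """What a main-office PC does with the packet: a destination inside its own /16 is
    treated as on-link and ARPed for directly, so the packet never reaches the XG and the
    RED route above is never consulted (unless the REDs are bridged into the LAN, the
    reply's second option). Only destinations outside the mask go to the default gateway."""
    return ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(host_subnet, strict=False)


if __name__ == "__main__":
    print("overlapping RED subnets:", overlapping_red_subnets())
    print("XG routes 192.168.17.104 via:", firewall_next_hop("192.168.17.104"))
    print("main-office PC sends 192.168.17.104 to the XG:", host_uses_gateway("192.168.17.104"))
    # Re-addressing the RED sites outside the /16 (constructed value) removes the overlap.
    print("after re-addressing:", overlapping_red_subnets(reds={"reds1": "172.16.17.0/24"}))
```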
  • Yup, that is it. Oh well, off to yell at the project team who implemented this :) Thanks

  • Hello there,

    Thanks for taking the time to update the Community! 

    Regards,


     
    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support