Sophos Firewall v18 AWS site-to-site VPN connected but no traffic PING SSH

Well, I have followed this step-by-step, exactly:

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125560/sophos-xg-firewall-v18-to-aws-vpn-gateway-ipsec-connection

...and while the VPN shows "UP" in both AWS and my Sophos VPN section, I cannot PING or SSH to my test EC2 instance. In the bottom screenshot you'll see I have PING and SSH allowed from anywhere (0.0.0.0/0). I've been at it for hours, first because I mistakenly followed the v17 how-to. Even with the v17 how-to, my VPN said it was up in the AWS and Sophos VPN sections. Then I found v18 and thought for sure I would have success. No such luck.

At one point I got stuck at the part where I couldn't find my "xfrm" interface until I realized that the little vertical blue line meant I could expand my WAN interface, thanks to THIS ARTICLE. Again, I thought for sure I would have success. No such luck again, and now I'm at a loss.

The only difference I've noticed between my setup and the setup in the link above is in Step 9 and Step 10: I have "xfrm1", not "xfrm2".

Anyone know where I should start with troubleshooting?



Edited TAGs
[edited by: emmosophos at 11:48 PM (GMT -7) on 26 Aug 2021]

  • I suppose I am ready to pay for support to find out why my setup isn't working after following the how-to's verbatim. Would I just go to www.sophos.com/.../support.aspx and click the CHAT WITH US link and go from there, or does anyone know if there's a different avenue to get support for evaluations? I just went through the setup for I think the 5th or 6th time, and while the tunnel says "UP" on the Sophos and AWS, I'm still unable to pass any traffic, so I'm white-flag'n it and will just pay to find out what I'm missing Disappointed
