I have a Sophos XG 106. It connects four branches with SSL VPN (working well); each branch has its own real public IP (fixed IP).
Now I want to connect the fingerprint devices at the four branches with the server and the Sophos XG 106.
I created the NAT rule, but there is no connection between the devices and the server.
Sorry, no external links please ...
Tell us more about your problems ...
Where do you connect the FP reader? How do you authenticate ...
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum Partner // Sophos Solution Partner since 2003
Do you use Site2Site SSL-VPN?
Is the PC able to ping the fingerprint-server? Is the "Server AD" able to ping/reach the fingerprint-device?
Why DNAT?
Your fingerprint-devices try to reach the server over the internet?
Can you show us the firewall-rule and the NAT rule for this connection?
I have only one device, a Sophos XG 106. I connected the PCs at the 4 branches with the Active Directory server (SSL VPN) and it works fine, but the fingerprint devices do not support SSL VPN.
One friend of mine advised me to create DNAT.
You need Port-forwarding/DNAT at the provider-router too.
Destination network should be the Sophos-external interface IP (not the ISP-Router-IP).
Hello,
I created the port forwarding in the router and I changed the destination network to the Sophos-external interface IP,
but no connection.
Is there another way, besides DNAT?
Thanks
In the first step, the packet from the fingerprint sensor must reach the central router.
So the "server" configured within the sensor must be the central public IP.
The router has to forward the packet to the Sophos, and the Sophos XG has to forward the packet to the server.
... no simple way ....
I would suggest you build a simple VPN between locations using RED devices.
https://www.sophos.com/en-us/products/next-gen-firewall/ecosystem
How can I do it?
Many Thanks
Do you mean reaching the server from the internet ... or using a RED device?
... and PLS no forum questions via PM!
Yes, reaching the server from the internet.
ok
1. Which IP do you configure as "Server" within the fingerprint devices?
IP configured as "Server" within the fingerprint devices: 192.168.1.6
How should the fingerprint devices find this IP?
I support many customer networks ... and many use this IP too.
... this is a "private IP". You can't reach this IP over the internet.
The only IP pointing in the direction of your server is the public IP of the central ISP-Router.
So you have to use this IP as "Server IP".
... and ... sorry ... I think you miss some network basics ... I think it is not possible to create these not-simple connections. I would suggest you ask your local Sophos partner for support.
I have a public IP.
Local subnet: 192.168.1.0/24
Server AD: 192.168.1.5
Server fingerprint devices: 192.168.1.5
But the real IP is: 197.230.127.x
Sorry, server fingerprint devices: 192.168.1.6