Unable to Log into Remote Site Sophos Web - Invalid Traffic : SFOS 18.5.2

Hello All,

I have two firewalls configured with IPsec site-to-site.

I'm able to SSH to the other firewall over IPsec, but I'm not able to access the Admin Portal on port 4444.

These firewalls are set up in my home labs.

Both firewalls are running version: SFVH (SFOS 18.5.2 MR-2-Build380)

Network Layout: (192.168.31.0/24 (IPSec) Sophos A (192.168.31.1)) <> Internet <> (192.168.30.0/24 (IPSec) Sophos B (192.168.30.1))

Services are enabled for VPN.

I'm trying to connect from my PC 192.168.31.40 (subnet A) to firewall 192.168.30.1 (subnet B) over IPsec.

Traffic log:

But on performing SSH, it works.

Also, telnet on port 4444 from subnet A works.

Any reason why the HTTPS traffic is getting dropped/marked as invalid traffic?



  • Hi meetjeremy

    I hope you have created firewall rules from LAN to VPN and VPN to LAN, configured and kept on top with all services allowed, on both Sophos XG firewalls?

    Check the dropped packets as per the link below:

    https://support.sophos.com/support/s/article/KB-000036858?language=en_US 

    drop-packet-capture 'host <ipaddress> and port <port-number>'

    Thanks and regards,

    "Sophos Partner: Networkkings Pvt Ltd".

  • Hello Bharat,

    Yes, I have the firewall rules on both ends. I'm able to access the Subnet B network devices also. It's just that I'm not able to access the firewall interface over HTTPS. Even telnet works on port 4444. The admin interface is not loading. Refer to the telnet screenshot. Also, on performing the drop packet capture, there was no rule associated with the traffic.

    This is from firewall 192.168.30.1:


    This is from firewall 192.168.31.1
