

Internet connection failed through Firewall

Hello everyone, I'm pretty new to Sophos and have recently run into this problem.

My setup is all in VMware: the Sophos machine is bridged directly to the internet (WAN) and it's also connected to a Windows 10 virtual machine (LAN).
So I expect the Windows machine to be able to connect to the Internet through Sophos Firewall. However, I have this bizarre situation.

When I ran Sophos for the first time (I hadn't configured anything yet), the Windows machine could go to the internet just fine. I assumed that was Sophos's default configuration at work; it turned out to be true, because there's a default policy that allows connections from LAN to WAN and even NATs them properly.

However, during the first access to the WebAdmin, where you set the time, Sophos ID, and all the basic things, I noticed that right after I logged into my Sophos ID (or somewhere around this step), the connection to the Internet dropped.

My Windows machine can ping the Sophos Firewall, and Sophos can ping google.com, 1.1.1.1, ... just fine. But there has been no connection from the Windows machine to the external network ever since the basic setup was completed.

Web browsers on the Windows machine return the error code DNS_PROBE_XXX (most of the time it is DNS_PROBE_STARTED, but it varies); however, I doubt it has anything to do with the DNS servers, since Sophos can ping them normally.

I tried deleting all the default policies and making new ones that allow LAN (any any) to WAN (any any); sometimes they work, sometimes they don't.

I'm pretty much desperate; it would be nice if anyone could give me an idea.

Thank you



  • Hi Hieu Doan

    I am suspecting an issue on the browser end. Have you checked with another browser?

    Please share the packet flow: go to MONITOR AND ANALYZE --> Diagnostic --> Packet Capture, click on Configure, add "host sophos.com", try to access https://www.sophos.com and verify whether the traffic is getting forwarded or not.

    Also make sure the DNS service is running on the firewall under Configure --> System Services --> Services, and try restarting the DNS service.

    Verify that DNS is working on Sophos Firewall: go to Configure --> Network --> DNS, click on "Test Name Lookup" and check the result for the configured DNS servers.

    Thanks and Regards

    "Sophos Partner: Networkkings Pvt Ltd".

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Bharat, thank you for answering.

    I have tried the things you suggested and here is the result:

    - The DNS service was running fine; I restarted it just to make sure and ran Test Name Lookup with google.com. Everything was good.

    - Changing the browser didn't help, because of the following discovery:

    - I don't know how to describe the packets, but when I tried connecting to the internet, it seems like there are only packets from the Windows machine to the firewall. No NAT or rule was used. I wonder if that's because I did something wrong with them. Here are also the policies I set.




  • Hi,

    If you only have one ISP connection you do not need a linked NAT; please delete it and use the default NAT, that might help you.

    ian

    XG115W - v20.0.3 MR-3 - Home

    XG on VM 8 - v21 GA


  • Hi rfcat_vk. I'm assuming you're talking about this Default SNAT IPv4. I disabled the NAT I created and the problem remains.

    After restarting the firewall, it allowed a small connection to go through, but that's it. Back to no Internet the following moment.


  • Hi Hieu Doan

    Please go to Configure --> Network --> Interface and share a snapshot of the same.

    "Sophos Partner: Networkkings Pvt Ltd".


  • Hi Bharat J,

    It's pretty normal in my opinion. I checked the IPs and connections about 50 times; LAN to LAN is fine, WAN to the internet is okay. But the Windows machine (LAN) cannot connect even to the internet router (WAN). My guess is that something on the firewall is blocking the traffic.

  • Hi Hieu Doan

    Check what the drop-packet capture indicates:

    console> dr 'host sophos.com'

    Also, the packet capture from the GUI is not proper.

    Take console> tcpdump 'host sophos.com'

    Share the DNS configured on Sophos XG and on the endpoint TCP/IP properties.

    Share the logs if you see SYN requests getting dropped.

    Thanks and Regards 

    "Sophos Partner: Networkkings Pvt Ltd".


  • Hi Bharat J,

    I failed to follow your instruction on <tcpdump 'host sophos.com'>, or rather, the command returned nothing. Instead, I ran <tcpdump -ni any host Windows_IP> while trying to connect to sophos.com and got this result. I hope that helps with something...

    There are also packets dropped by the kernel.

    The following pictures are the DNS config on Sophos and the endpoint TCP/IP properties.
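    A way to read a capture like the one described above, looking for the two signs reported in this thread: DNS queries that leave the LAN host and never get a reply (the DNS_PROBE_* symptom) and hosts that only ever appear as senders. This is an added example over constructed `tcpdump -ni any` lines, not a capture or code from the thread; the addresses and names in the sample are made up.

```python
import re

# Constructed sample of `tcpdump -ni any` output (not a capture from this thread):
# LAN client 192.168.1.10 resolves names through the firewall via 1.1.1.1.
# The two www.sophos.com queries get no reply; the google.com query is answered.
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.10.53412 > 1.1.1.1.53: 4711+ A? www.sophos.com. (32)
12:00:02.000001 IP 192.168.1.10.53412 > 1.1.1.1.53: 4711+ A? www.sophos.com. (32)
12:00:03.000001 IP 192.168.1.10.53413 > 1.1.1.1.53: 4712+ A? google.com. (28)
12:00:03.012345 IP 1.1.1.1.53 > 192.168.1.10.53413: 4712 1/0/0 A 142.250.74.46 (44)
"""

PKT_RE = re.compile(
    r"^\S+ IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$")
QUERY_RE = re.compile(r"^(?P<txid>\d+)\+ \S+\? (?P<name>\S+)")  # e.g. "4711+ A? name."
REPLY_RE = re.compile(r"^(?P<txid>\d+)[ *]")                    # e.g. "4712 1/0/0 A ..."

def parse_packets(capture):
    """Yield a dict with src/sport/dst/dport/rest for every line that is an IP packet."""
    for line in capture.splitlines():
        m = PKT_RE.match(line)
        if m:
            yield m.groupdict()

def unanswered_dns_queries(capture):
    """Map each queried name to how many of its queries never got a reply.
    Replies are matched by (client IP, client port, transaction id), so retries count."""
    outstanding = {}  # (client, port, txid) -> [name, queries still without a reply]
    for p in parse_packets(capture):
        if p["dport"] == "53" and (q := QUERY_RE.match(p["rest"])):
            entry = outstanding.setdefault((p["src"], p["sport"], q["txid"]), [q["name"], 0])
            entry[1] += 1
        elif p["sport"] == "53" and (r := REPLY_RE.match(p["rest"])):
            entry = outstanding.get((p["dst"], p["dport"], r["txid"]))
            if entry:
                entry[1] -= 1
    result = {}
    for name, missing in outstanding.values():
        if missing > 0:
            result[name] = result.get(name, 0) + missing
    return result

def one_way_hosts(capture):
    """Hosts that only ever send packets and never receive any: nothing comes back to them."""
    sources, destinations = set(), set()
    for p in parse_packets(capture):
        sources.add(p["src"])
        destinations.add(p["dst"])
    return sorted(sources - destinations)
```

    Feed it the saved output of the `tcpdump -ni any host Windows_IP` run from the post: a non-empty result from either function shows the request leaving the LAN host without anything coming back, which points at the firewall rather than at the browser or the DNS servers.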



  • Wait, I think I figured it out. It literally said "All internet traffic will be dropped" when enabling appliance_access. So all I need to do is turn appliance_access off. Pretty dumb of me.