I am using Sophos XG v18.5 MR 4. This is my ACL matrix:
I have been following either one of these instructions to create a working remote-access SSL VPN:
- Configure remote access SSL VPN with Sophos Connect client: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/VPN/RemoteAccessVPN/VPNRemoteAccessSSLVPNSophosConnectClient/index.html
- Sophos Firewall: Configure IPsec and SSL VPN Remote Access: https://www.youtube.com/watch?v=wXUmWX1kDx4
- Sophos XG Firewall (v18): How to configure SSL VPN remote access: https://www.youtube.com/watch?v=rFMD2Kb7dWA
I use OpenVPN Community Edition v2.4.12 to import and activate the .ovpn profile (https://openvpn.net/community-downloads/). The remote connection has been established successfully; however, I cannot connect to any of the LAN resources as well as the firewall's admin page itself.
What is wrong with my settings and/or VPN client? Do I have to use the Sophos client instead of the OpenVPN client in order to connect?
Thank you very much in advance.
Thank you, Vivek Jagad and Erick Jan, very much for your enthusiasm. I will be following your advice and trying it out soon. Can the VPN still work with LAN & WAN fine even if I leave its DNS, WINS & Domain Name fields blank?
Yup J Thai, it will!! Please vote up our answers if they were useful!!
Thanks & Regards,
Vivek Jagad | Technical Account Manager 3 | Cyber Security Evolved
Thank you so much again, buddy. I have followed your & Erick Jan's instructions and it finally works.
It works so well that now, regardless of whether I am on local or foreign networks, the VPN will work anyway. In case I want the VPN to only work when I am on foreign networks, what should I do?
Thank you buddies. You guys have made my day.
Hi J Thai,
For allowing only foreign networks, you need to edit your Permitted network resources and filter them on VPN > SSL VPN,
so that only the listed ones will be allowed to connect on the VPN. In your case, you can edit the SSL_VPN_Remote_Access_Local or just create a new network and add it to your FW Rule and Permitted network resources (IPv4).
Erick Jan
Community Support Engineer | Sophos Technical Support