Internal webserver accessible from IPsec site to site through ip but not FQDN

Hey guys,

Following problem:

We use a Sophos XGS 3300.

Internal Webserver is in DMZ Zone 10.10.10.0. It has an FQDN which will be resolved to an external IP on external DNS servers and to its internal IP on internal DNS servers.

From LAN and SSLVPN I can access through https://FQDN and it's resolved by internal IP.

From IPSec Tunnel on our branch office, I can't access through https://FQDN. ICMP works and it's resolved to internal IP.

If I access https://internal.ip from branch office, it works. https://FQDN will run into an error, something regarding TLS/SSL.

We had Sophos SG before and it worked, not sure which setting I'm missing on the XGS v19.

We don't use webserver protection, access comes through NAT, if that information is needed.



This thread was automatically locked due to age.
  • Hi, Thank you for reaching out to the Sophos community team. As the server is known to you, what if on the BO side you add this domain or FQDN URL in the Web exception to test and validate if that makes access over FQDN work? If it is working with an exception, then it may require further investigation by checking TCPDUMP, PCAP, Web proxy, or IPS Debug logs based on the error you are observing.

    If an exception is not helpful to make it work and it is a plain rule only with no scanning and no proxy as per your description, then TCPDUMP, PCAP, and Drop on BO will help to narrow down the situation or error.

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support

