Internal webserver accessible from IPsec site to site through ip but not FQDN

Question

Hey guys, 
 following problem: 
 We use a Sophos XGS 3300. 
 Internal Webserver is in DMZ Zone 10.10.10.0. It has an FQDN which will be resolved to an external IP on external DNS servers and to its internal IP on internal DNS servers. 
 From LAN and SSLVPN I can access through https://FQDN and its resolved by internal IP. 
 From IPSec Tunnel on our branch office, I can't access through https://FQDN. ICMP works and its resolved to internal IP. 
 If I access https://internal.ip from branch office, it works. https://FQDN will run into an error, something regarding TLS/SSL. 
 We had Sophos SG before and it worked, not sure which setting I'm missing on the XGS v19. 
 We don't use webserver protection, access comes through NAT, if that information is needed.

Vishal_R · Answer

Hi, hwiadm Thank you for reaching out to the Sophos community team. As the server is known to you what if on the BO side you add this domain or FQDN URL in the Web exception to test and validate if that makes access over FQDN work? If it is working with an exception then may require further investigation by checking TCPDUMP, PCAP, Web proxy, or IPS Debug logs based on the error you are observing. If an exception is not helpful to make it work and it is a plain rule only with no scanning and no proxy as per your description then TCPDUMP, PCAP, and Drop on BO will help to narrow down the situation or error.

Internal webserver accessible from IPsec site to site through ip but not FQDN

Top Replies