Hey all!
Got a baffling issue that I can't seem to resolve. I've raised a call with Sophos but they also seem stumped.
Set up a site-to-site VPN to Azure as documented here: Sophos XG Firewall v18 to Azure VPN Gateway IPSEC Connection - Recommended Reads - Sophos Firewall - Sophos Community
Migrated a number of servers into Azure and all seem OK.
VPN works perfectly fine and both sides can see each other fine. We have DCs in Azure replicating with onsite DCs. DNS is all fine and working correctly.
I had a bunch of clientless access bookmarks set up, so naturally I have changed them all over to the new Azure IP VNET range. After saving the configuration those RDP connections fail to connect.
When I do a packet capture on the device, I found the source IP is 169.254.0.1, which is the xfrm1 interface listed under the primary WAN connection. Naturally all the RDP sessions which work are from valid host machines with internal LAN IPs. It seems however that anything that is generated directly from the XGS appliance, the source address is 169.254.0.1.
This also affects the authentication services. I have a DC in Azure that I have specified as an auth server and that test connection fails.
Anyone come across this issue or how to resolve it at all?
Thanks