Allow Sophos Connect connection through local XGS firewall

Question

Hello, 
 
 Company A 
 Site A 
 (public ip aaa.aaa.aaa.aaa) 
 XGS 116 with remote access VPN configured

Company B 
 Site B (public ip bbb.bbb.bbb.bbb) 
 XGS 2100 with remote access VPN configured 
 
 How to allow pc with Sophos Client installed on site B to connect to site A (using vpn client). I have profile imported and VPN works but not when I'm behind local XGS firewall. I don't need site to site, only one client from site B to able to connect to site A from time to time. 
 
 I get error 
 no response from gateway : aaa.aaa.aaa.aaa

dirkkotte · Accepted Answer

You need the firewall rule, because the application-filter must be bound to a firewall rule. 
 But if you allow (IKE)UDP500+IPSEC-NAT(4500) you don't need an additional application filter.

Wayne Folta · Answer

Look at your App Control, which is probably blocking VPNs, which people often use to bypass your App Controls. You should find Application Logs indicating this. 
 Is the PC at Site B well-known or a particular user? You could have a higher-up firewall rule to allow that user (or clientless user) through with less (or no) App control.

Allow Sophos Connect connection through local XGS firewall

Top Replies