Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Internet traffic not routed from branch office through head office via site-to-site VPN


we have a head office XG135 and 4 branch offices connected with site-to-site vpns and various sophos firewalls. ( 125, 87,86 )

VPNs are working fine.

We want to route all internt traffic from the branch offices through the headoffice internet connection via the VPNs.

We followed these instructions:

So in each branch office we have a LAN-to-WAN drop rule and and the IPSec rule and inoboud_ho, outbound_ho

In the head office we have a VPN-to-WAN accept rule with the corresponding linked NAT rule. Plus of course al the rules from the site-to-site VPN ( ipsec, inbound_bo, outbound_bo )

As mentioned, all the VPNS are working fine, but when I try to access the Internet from a branch office it times out. With the policy tester in the branch office we always get a blocked message with "No matched rule (ID: 0)"

now even if I turn off the rule "lan-to-wan drop" in the branch office, I still get the "No matched rule (ID: 0)"

What did we miss? 

THanks a lot.

This thread was automatically locked due to age.