
Sophos SSL VPN XGS116

Hi

I have configured SSL VPN; this works well, and clients can connect. The issue is that we can only access or connect to the devices or nodes whose gateway is the firewall IP. We have other Sophos GWs, but the VPN client cannot access these until we change the GW to the one that has the SSL VPN.



  • Hello Shoug,

    Thanks for reaching out to Sophos Community.

    Could you share the network settings of the clients/machines that can't connect when SF is not their GW? Also, could you share your SSL VPN settings?

    Could you also share the results of a traceroute from the clients going to the internal network, and kindly enable logging of firewall traffic for that firewall rule and check if there are any deny messages?

    Regards,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • You probably shouldn't listen to me (I'm just passing through trying to work out other things.....)

    But I'd be running "route print" in a command prompt on the client and checking that your routes are correctly configured to route to the other device via the VPN connection.

    I'm GUESSING there may be issues if you have turned off "use as default gateway"?
    Is the other subnet added to the permitted network resources?

    This would be in the actual connection settings (NOT the SSL VPN global settings)
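
The route check suggested in the post above, as an added example that is not part of the original thread: it parses the IPv4 "Active Routes" table of `route print` and reports which interface the client would use for a given internal address. The sample output, all addresses and the function names are constructed for illustration.

```python
import ipaddress

# Constructed `route print` excerpt from a client with "use as default gateway" off.
# 192.168.1.x is the client's own LAN, 10.81.234.x the VPN adapter, 172.16.10.0/24
# a permitted network resource. None of these addresses come from the thread.
SAMPLE_ROUTE_PRINT = """\
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.50     25
      10.81.234.0    255.255.255.0         On-link      10.81.234.6    257
      172.16.10.0    255.255.255.0      10.81.234.5     10.81.234.6    257
      192.168.1.0    255.255.255.0         On-link     192.168.1.50    281
===========================================================================
Persistent Routes:
  None
"""

def parse_active_routes(text):
    """Return (network, gateway, interface, metric) for each active IPv4 route."""
    routes = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Network Destination"):
            in_table = True          # rows start after the column header
            continue
        if in_table and line.startswith("="):
            break                    # separator line ends the active routes
        fields = line.split()
        if in_table and len(fields) == 5:
            dest, mask, gateway, iface, metric = fields
            net = ipaddress.ip_network(f"{dest}/{mask}")
            routes.append((net, gateway, iface, int(metric)))
    return routes

def route_for(dest_ip, routes):
    """Select the matching route: longest prefix first, then lowest metric."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[3]))

def goes_via_vpn(dest_ip, routes, vpn_iface):
    """True if traffic to dest_ip leaves through the VPN adapter's address."""
    route = route_for(dest_ip, routes)
    return route is not None and route[2] == vpn_iface
```
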

  • Thanks Martin..

    I have turned off "use as default gateway". Do you think that I should keep it on?

    I have added our local subnet as permitted resources.

  • The "use as default gateway" option only says that the client's main traffic goes through the Sophos too.

    This means traffic like internet will be routed over the VPN. Usually you want to keep this on, since you don't want your clients to have an open connection to an unknown/private network and your company network at the same time.
