
Sophos Home Firewall - Work VPN connects, applications don't work

Hi, 

I'm currently running Sophos Home Firewall on my home network (192.168.X.X) and having trouble working from home using the VPN provided by my workplace (Cisco Duo). I can connect to the VPN OK, I receive the local IP address (10.x.x.x), and any locally installed applications and network drives are working. There are some applications that are accessed through Citrix and these are not working when connected through the Sophos firewall. If I connect the same PC to a mobile Wi-Fi hotspot, the applications work perfectly; however, as soon as I route through Sophos, I can't access the remote applications even though the VPN is connected.

I created a firewall rule to let anything out from that MAC address, but something is still being blocked.

Any ideas where else I need to look, please? I have checked logs and can't see any traffic being dropped using the local IP address as source or destination IP.

Thanks



  • I have been through the documentation and it looks to be for VPN provided by the Sophos, rather than an external VPN that is traversing through the Sophos.

    Is there a way I can add the MAC address or IP to the rules engine so it will completely bypass the firewall? Any inbound or outbound traffic will be let through?

  • Hello, 

    Can you share a screenshot of the VPN client you are using?

    You can add the following exception to the firewall rule that controls the traffic going out when the VPN is connected 

    Sign in to the CLI using Telnet or SSH. The CLI can also be accessed in the WebAdmin by going to Admin > Console located in the upper right corner.

    Choose option 4. Device Console.

    Execute the following command:

    console> set ips ac_atp exception fwrules 1,2

    Where 1,2 is the Firewall rule you want to bypass. 

    However, before doing this, I would recommend you confirm what VPN you are using, as this sounds more like a missing route in the Configuration File of the VPN to reach the devices. ^EO


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support
    Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
    If a post solves your question use the 'Verify Answer' link.
  • Thanks Emmanuel, I tried that but unfortunately it still didn't work. 

    It looks like the Citrix Receiver is not able to see the remote server; something in the Sophos firewall is blocking it, however I don't get any denied traffic in the logs for that IP address.

    I don't have web filtering on and I will turn off IPS and test again to see if that has an impact. Could it be something to do with DNS? All other traffic and applications are fine, just anything that uses the Citrix Receiver.

    Thanks 

  • Hi,

    more than likely one of the applications/web pages does not like HTTPS decryption. If this is the case, the failure does not show in the logs, only by the application not running correctly on your desktop.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.
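The HTTPS decryption point above is worth checking directly rather than by guesswork, because, as Ian notes, an intercepted session leaves no "denied" entry in the firewall log. The script below is an added, hypothetical diagnostic (not Sophos or Citrix code, and not from this thread): it resolves the gateway name the client is trying to reach, opens a TLS session using the operating system's trust store, and reports whether the certificate it receives was issued by something that looks like a firewall inspection CA, or fails to verify at all. The issuer name fragments in `PROXY_CA_HINTS` are a constructed list; the actual CN of your firewall's signing certificate is whatever you see under its decryption settings.

```python
"""Triage helper for an app that only fails behind a decrypting firewall.

Hypothetical tool, assumed to run on the affected PC while the VPN is up.
Uses only the Python 3 standard library.
"""
import socket
import ssl
import sys
from dataclasses import dataclass
from typing import Optional, Sequence

# Constructed list of issuer-name fragments typical of TLS inspection CAs.
# Add the CN of your own firewall's signing certificate if it differs.
PROXY_CA_HINTS: Sequence[str] = ("sophos", "ssl inspection", "firewall", "decrypt")


@dataclass
class TlsCheck:
    host: str
    resolved_ip: Optional[str]
    issuer_cn: Optional[str]
    verified: bool
    error: Optional[str] = None

    @property
    def likely_intercepted(self) -> bool:
        """Either an untrusted chain (inspection CA not installed) or a
        proxy-looking issuer points at decryption on the path."""
        if self.error and "CERTIFICATE_VERIFY_FAILED" in self.error:
            return True
        return issuer_suggests_interception(self.issuer_cn)


def issuer_suggests_interception(issuer_cn: Optional[str],
                                 hints: Sequence[str] = PROXY_CA_HINTS) -> bool:
    """True when the issuer CN contains any of the inspection-CA hints."""
    if not issuer_cn:
        return False
    name = issuer_cn.lower()
    return any(h in name for h in hints)


def issuer_cn_from_cert(cert: dict) -> Optional[str]:
    """Pull the issuer commonName out of an ssl.getpeercert() dictionary."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def check_gateway(host: str, port: int = 443, timeout: float = 5.0) -> TlsCheck:
    """Resolve host, connect with TLS, and report the leaf certificate's issuer.

    DNS resolution is reported separately so a split-tunnel DNS problem is
    distinguishable from a TLS interception problem."""
    try:
        ip = socket.gethostbyname(host)
    except OSError as exc:
        return TlsCheck(host, None, None, False, f"DNS failure: {exc}")

    ctx = ssl.create_default_context()  # verifies against the OS trust store
    try:
        with socket.create_connection((ip, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cn = issuer_cn_from_cert(tls.getpeercert())
                return TlsCheck(host, ip, cn, True)
    except ssl.SSLCertVerificationError as exc:
        # Chain not trusted: typical when a decrypting proxy's CA is absent.
        return TlsCheck(host, ip, None, False, f"CERTIFICATE_VERIFY_FAILED: {exc}")
    except OSError as exc:
        return TlsCheck(host, ip, None, False, f"connect failure: {exc}")


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    result = check_gateway(target)
    print(result)
    print("likely intercepted:", result.likely_intercepted)
```

Run it once on the hotspot and once behind the firewall with the same gateway name: if the issuer CN differs between the two runs, or the second run fails verification, the session is being decrypted and the Citrix gateway is a candidate for a decryption exclusion rather than a firewall rule change.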

  • Hello Chris,

    You would need to ask for a packet capture when trying to access the resources to see if the traffic is getting to them in the first place.

    Can you show us the rule that you have configured for this traffic?

    Regards,


    Emmanuel (EmmoSophos)
    Technical Team Lead, Global Community Support