Allow 3rd Party WireGuard VPN to Access LAN resources from offsite Server

Hello everyone,
I am struggling with the following:

The customer has a MikroTik router that connects via WireGuard VPN to a remote Windows Server in a data centre.
The MikroTik router is the VPN Client, the Windows Server is the VPN Server.
The employees are supposed to print from the remote Windows Server to local LAN printers.

Setup:
Local LAN 192.168.5.0 /24
VPN: 10.19.15.0 /24

In SFOS 19 I only needed to set a static route 10.19.15.0/24 with Gateway (MikroTik router) on br0 to make it work.
Since upgrading to SFOS 20 the VPN connection suddenly stopped working.

Which rules do I need to put in place to tell the XGS that:
- Data from the VPN 10.19.15.0 are okay to access the local LAN (logs tell me that the XGS can't associate the MikroTik VPN traffic with any connection).

Thanks





  • Hello Rene,

    does the MikroTik router probably do some kind of NAT?

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • Not sure how it is configured, since a 3rd party company did the configuration. We let them check the configuration of the MikroTik router and since the VPN is working again, and I can ping the printer from the offsite Windows Server, the problem is the configuration of the Sophos.
    The strange thing to me is that some pings go through and some get dropped (screenshot of the log)
    As you can see in the firewall configuration screenshot, I already deactivated a bunch of stuff like IPS security etc. just to make sure the problem is not caused by anything like IPS etc.

  • Hello Rene,

    the excerpt from the log you show us has tcp/9100, that is the HP printing port, not an ICMP. Did you actually test with ping?

    And believe it or not: a network diagram would be very helpful, as I don't really understand your setup as well.

    Kind regards, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.
