Sophos XGS firewall Rule Configuration

Hii Community,

I configured a firewall rule for VPN to LAN connection and another for LAN to WAN connection, attaching a NAT rule with MASQ for internet access. Despite this, I could establish a VPN connection with the Sophos Connect client but couldn't perform any actions like SSH or ping.

When I removed the above two rules and created a rule to allow VPN to WAN, everything worked as expected.

Could you review my configuration and suggest any changes to ensure that my VPN to LAN and LAN to WAN firewall rules work properly?

I have attached screenshots for reference.

Thank You.

Added TAGs
[edited by: emmosophos at 4:48 PM (GMT -7) on 26 Jun 2024]

Parents

0 Mayur Makvana 2 days ago

Hello Yuvraj Singh ,

I could see that the LAN to WAN and VPN to LAN rules are proper. With VPN to LAN rule, you shall only be able to access the local resources shared.

Are you using full tunnel or split tunnel in VPN? if its full tunnel, we will need VPN to WAN rule with the NAT applied to route the internet via firewall for the VPN client.

Also, you may capture the tcpdump/drop while recreating the issue. You may paste the tcpdump and drop packet capture here for the review.

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Mayur Makvana 2 days ago

Hello Yuvraj Singh ,

I could see that the LAN to WAN and VPN to LAN rules are proper. With VPN to LAN rule, you shall only be able to access the local resources shared.

Are you using full tunnel or split tunnel in VPN? if its full tunnel, we will need VPN to WAN rule with the NAT applied to route the internet via firewall for the VPN client.

Also, you may capture the tcpdump/drop while recreating the issue. You may paste the tcpdump and drop packet capture here for the review.

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 Yuvraj Singh 2 days ago in reply to Mayur Makvana

Hello Mayur Makvana
Thanks for the quick response, I am using split tunnel. What should be the rule configurations in this case to establish connection within the same network(VPC).
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Mayur Makvana 2 days ago in reply to Yuvraj Singh

Hello Yuvraj,

Are you trying to connect the VPN from LAN network? Also DM me on chat to discuss.

Mayur Makvana
Technical Account Manager | Sophos Technical Support
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel