IPSEC Site to site conneted

After disabling NAT-Rules ... if the problem stays existent (there are no hits at the NAT rules, so i think it is not source of the problem)

Is there an additional firewall (or other restricting router) in front of one of the firewalls?  (Problems seen with Cisco - IPSec Inspection)

XGS at both locations? Which version do you run at the systems?

There is an IPSec change, which my generate problems you describe.

(Tunnel is up but no traffic through tunnel)

Yes the tunnel is up but i cant ping either ends. i have xgs at remote site and HQ all running same firmware 20.02. i dont have any rules all i have is VPN rule and Main_Lan to Wan All access rule that is all i have. so i dont know what is blocking access

"LAN bridged" ?
do you have a simple network sketch?

172.20.60.1/24 and 172.30.6.0/24 are the IP ranges on the LAN side (where the switch is located)?

Where is the Bridge?

This is the bridge   "Ipsec is not supported directly on bridge as source interface as Zone type is not applicable for bridge. "

Hello there,

Can you share the Case ID, you have opened for this issue?

Regards,

case id:01933661 

Checking on your case, I don't see any note about this; I only see in the ticket you have a scheduled call to go over your issue. Can you clarify who from Sophos did you talk to about this?

i only raised the ticket regarding my issue. Which is urgent and i need this resolved asp but i could not get a support person to assist me can you help 

Hello,

So nobody from Sophos mentioned this to you then "I had a chat with sophos and they said its because my LAN bridged that is why am experiencing this"

Regards,

For the community to better assist you we need to know what information and what has been done.

To confirm with you, it is possible to Ping across a site-to-site even if one of the sides has a Bridge configured.

In my screenshots, you can see I have a bridge configure. 

And the ping goes from the computer where the bridge is configured > to the bridge > the to the IPsec interface > through the tunnel > to the other firewall > and the computer in the other end

This is the TCPdump from the other Firewall where 10.2.0.100 is located (10.2.0.100 is located in a VLAN)


So as Mayur and Dirk mentioned, please provide packet captures of both sites from the console and or GUI, while you are pining and screenshots of both device's Firewall Rules and interfaces

For the community to better assist you we need to know what information and what has been done.

To confirm with you, it is possible to Ping across a site-to-site even if one of the sides has a Bridge configured.

In my screenshots, you can see I have a bridge configure. 

And the ping goes from the computer where the bridge is configured > to the bridge > the to the IPsec interface > through the tunnel > to the other firewall > and the computer in the other end

This is the TCPdump from the other Firewall where 10.2.0.100 is located (10.2.0.100 is located in a VLAN)


So as Mayur and Dirk mentioned, please provide packet captures of both sites from the console and or GUI, while you are pining and screenshots of both device's Firewall Rules and interfaces

When i ping either of the sites pings dont go through. The remote lan ip :172.10.10.0 and the HQ ip 172.30.10.0 . I am unable to reach either sides. i cant ping the firewall ip as well at both ends