This problem is occurring on Sophos Firmware 20.0.2 MR-2-Build378 as well as SFOS 21.0.0 GA-Build169. The problem also occurs on an XG with a firmware of 20.0.2 MR-2.
Route Precedence has been set the following ways: static vpn sdwan | vpn static sdwan. It does not change the behavior.
When assigning static IPs to an SSL VPN connection for a remote user, the user is able to connect and access all network resources. We are unable to access any user in the static assigned area. Upon running traceroute from a local network resource to the VPN client when it connects via a dynamically assigned IP address, the first hop is the firewall, followed by the second hop being the VPN client. When the client is in the static assigned address pool provided by the Global VPN settings, the first hop is the firewall, followed by the second hop being the ISP gateway; and then of course it times out after that, as it is not providing the correct route.
When in Static area:
When in Dynamic Portion of Pool:
As you can see the VPN service is not routing this correctly. Does anyone have a solution?
[edited by: Cameron Savage1 at 9:30 PM (GMT -8) on 22 Dec 2024]