Hello,
Perhaps someone can point me in the right direction.
Followed the manual "Create a policy-based IPsec VPN using preshared key" to set up a site-to-site VPN. This is working fine.
After following the article "Forward the branch office internet traffic through the head office", most of the traffic is pushed through the tunnel; I can see the HO external IP.
I disabled all the firewall rules except the one in the article. But I can't reach community.sophos.com, and email (SMTP) is not connecting.
The policy testers on both firewalls show the allowed result. DNS is reachable. If I go back to the state before forwarding the traffic, the site and email are working.
You want to perform a full Tunnel (ANY) and push data to the HQ Firewall and go from there in WAN?
If so, I would recommend switching to a Route Based VPN: https://docs.sophos.com/nsg/sophos-firewall/21.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/SiteToSiteVPN/HowToArticles/S2sVPNRouteBasedCreate/index.html
Then you create a static route for Internetv4 on BO to HQ (or SD-WAN).
And that should be it.
__________________________________________________________________________________________________________________
Yes, a full tunnel and then push the data. Let me follow this article.