SSL VPN connected but no trafic

Question

Hello, 
 I've setup XG Firewall in a home environment, I can connect remotely via SSL VPN, but then I can't reach any machine in the LAN despite following the steps of this guide . 
 I used to use UTM9, without an issue, at least regarding SSL VPN access. This one is giving me a headache: I can't tell whether it's a firewall policy or routing issue, or something else. 
 The XGF is a virtualized appliance (ESXi 6.0) with Port A in LAN (10.0.x.x/16) Port B in WAN (192.168.1.x/24) (I have no use for Port ,C for now). WAN is an ISP router with low firewall settings, and NAT rules for the XGF's Port B (8443/SSL VPN and 443/User Portal). 
 With the default settings, I can connect remotely but that's it. I just tried connecting an Android phone and my laptop, which get IP addresses 10.81.234.6 & .7. Neither can ping each other (guest isolation I suppose), or reach any machine in the 10.0.x.x/16 range. 
 The guide mentioned above says to create a firewall policy to allow WAN to LAN trafic for a specific user or group. But aren't remote users in the VPN zone ? I coudn't see any trafic logged with WAN as the source, but as soon as I added VPN, I did see a few KB being added, but my devices are still locked out of the LAN, or can't find their route.... 
 Currently, none of the machines in the LAN have the XGF as their default gateway. I want to have it properly configured prior to switching. It shouldn't be a problem, though (?)

BrianCarp · Accepted Answer

I suspect it's a question of having correct firewall policies, like EdDe Sousa suggests. I initially had the same problem and believe I have solved it now. At first I was not able to connect outside through the VPN, but after adding the "VPN" zone to the " #Default _Network_Policy" that started working correctly. The second issue was traffic from the VPN to LAN (and DMZ and other custom zones that I have created). When connected over SSL VPN, I was able to perform DNS lookups and access remote IPs, and could ping the appliance at its various ports (i.e. can ping to all the x.x.x.1 addresses on the ports, which I have mapped to various zones), but I couldn't seem to ping (or otherwise access) IPs within those zones/networks. First I added a blanket rule with: Source=VPN/Any; Destination={LAN,DMZ,etc.}/Any; Service=Any 
 Initially that policy was showing no reported traffic and didn't appear to be working. I discovered the rest of the answer in this discussion: https://community.sophos.com/products/xg-firewall/f/46/t/10975 The trick was that I had to create "IP Host" objects (IP ranges did not work, but hosts and networks with masks did for this purpose), e.g. create a named object for your LAN (10.0.x.x in your case), and then go to the Settings > VPN > SSL VPN (Remote Access), find your access configuration, and under "Tunnel Access" you have to add to your Permitted Network Resources all the IP Host objects that you created that correspond to the various internal networks that you want your remote VPN users to be able to access. Once I did that and applied the changes, everything seemed to be working correctly.