Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 38 subscribers
  • Views 12241 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

VPN and Dynamic DNS dont work in Bridge Mode

Ocha

Hello. I have been experimenting with Sophos XG in ESXI environment. I have it set up with 3 vSwitches (LAN, DMZ, WAN). DMZ and WAN are bridged so computers on DMZ can have external IP (same subnet as XG WAN port). For some reason, now VPN profile doesnt have gateway IP in it for connecting (it only lists LAN interface IP as a remote) - so they are not working on OSX with tunnelblick. Also, gateway IP is not available in DynamicDNS configuration. If I remove bridge, then everything works correctly.

I also receive Gateway came up email and it is missing actual bridge ip for the firewall. 

Gateway: WAN_DMZ_GW
Gateway IP address: 192.168.0.1
Gateway Interface: WAN_DMZ


Does XG not recognize Bridge as WAN port? I have included screens for current configuration below.



This thread was automatically locked due to age.
Parents
  • 0

    Seems like an actual bug to me? Anyone ran into similar issues?

  • 0 in reply to Ocha

    For passing traffic, the XG in bridge mode is just a layer2 device, so it doesn't come as a surprise to me that you can't terminate VPNs on the XG.
    Passing through VPN traffic should be possible...with proper firewall rules in place.

  • 0 in reply to sixteen again

    Im not talking about terminating VPN on XG. Im talking about XG IP assigned on Bridge Interface not being available in DynDNS and VPN Config file (that gets downloaded from user portal). I can manually edit the VPN config file and add XG IP assigned to Bridge as a remote and it connects without problem. I can ping that IP and connect to XG Admin and User Portal on that IP (one assigned to Bridge Interface).  

    If i was to delete Bridge, and assign same IP that Bridge had to the WAN interface, then that IP will show up in DynDNS and VPN config files.

    Please look at the screenshot above for DynDNS configuration. Interface dropdown is empty - there is nothing to select even though FW has WAN IP. 

Reply
  • 0 in reply to sixteen again

    Im not talking about terminating VPN on XG. Im talking about XG IP assigned on Bridge Interface not being available in DynDNS and VPN Config file (that gets downloaded from user portal). I can manually edit the VPN config file and add XG IP assigned to Bridge as a remote and it connects without problem. I can ping that IP and connect to XG Admin and User Portal on that IP (one assigned to Bridge Interface).  

    If i was to delete Bridge, and assign same IP that Bridge had to the WAN interface, then that IP will show up in DynDNS and VPN config files.

    Please look at the screenshot above for DynDNS configuration. Interface dropdown is empty - there is nothing to select even though FW has WAN IP. 

Children
Unfiltered HTML