We have created Site to Site VPN tunneling. Port 443 of the specified IP but cannot access the IP.
The error log says Web protection block. How to fix this? I tried adding the IP in the exception and white list but that does not work.
How to fix this?
Thank you for contacting the Sophos Community!
Please confirm what type of tunnel you are using.
If the UTM is blocking this IP via the Web Protection, make sure you go to Web Protection…
I assume you mean to configure an SSL Site-2-Site Tunnel.
You could use a different port, like 1443 or 9443.
You can change the port at Site-to-Site VPN / SSL / Settings / Port. Of course you need to change this on both sides.
Kind regards from Germany,
New Vision GmbH, Germany
Sophos Silver-Partner
If the UTM is blocking this IP via the Web Protection, make sure you go to Web Protection >> Filtering Options >> Misc >> Transparent Mode Skiplist >> and add the IP under Skip Transparent Mode Destination Hosts/Nets
Also if you run the following command from the shell of the UTM, what interface does it point to?
# ip route get x.x.x.x (x.x.x.x is the IP you are trying to access)
ip : Die Benennung "ip" wurde nicht als Name eines Cmdlet, einer Funktion, einer Skriptdatei oder eines ausführbaren
Programms erkannt. Überprüfen Sie die Schreibweise des Namens, oder ob der Pfad korrekt ist (sofern enthalten), und
wiederholen Sie den Vorgang.
In Zeile:1 Zeichen:1
+ ip route get 10.35.32.20
+ ~~
    + CategoryInfo : ObjectNotFound: (ip:String) , CommandNotFoundException
    + FullyQualifiedErrorId : CommandNotFoundException
I added the IP in the Transparent Mode skip list. We are using IPSec Site to Site VPN (IPSec Tunnel mode).
The IPsec site 2 site Tunnel connection is already established but the IP still cannot be accessed.
OK - IPsec, then.
Can you ping the IP you want to reach?
Could you supply a simple diagram of your setup and networks?
Yes, I can ping the IP and the ping is successful.
There is no need to obfuscate private IP networks; this only makes it harder to help you.
I understand that you hide the WAN addresses, but how could we give advice with this little info?
Again: which IP in which network do you ping?
Sorry, I am unable to understand what you wrote.
Did you run the command ip route get 10.35.32.20 on the shell of the UTM?
utm1:/root # ip route get 184.108.40.206.8.8.8 via 220.127.116.11 dev eth1 src 18.104.22.168 cache
Are you trying to access via the IP or a FQDN when you type in the browser?