Hi,
First of all, I'm a beginner in Sophos UTM, so please be gentle :). I have started to use Sophos UTM for VPN capabilities and it seems that I'm stuck :(.
Details:
Active Directory
Main Office
People working from home
Using VPN SSL, users can connect to main office and can access resources.
Issue: It seems that I cannot manage users' devices from the main office anymore, like AV deployment, administrative shares, RDP.
Please let me know if more details are needed to fix this.
Thank you.
Hello Radu,
This catches my attention:
WAN 192.168.0.WAN / 255.255.255.0 / 192.168.0.RG (RG - Router Gateway)
LAN 192.168.0.LAN / 255.255.255.0
You have two distinct interfaces/segments in the same IP…
Hi Radu Mirea,
Thank you for reaching out to the Community!
Did you configure a firewall rule for your LAN to the SSL VPN network?
What type of SSL VPN did you configure? Is it a split tunnel or a full tunnel?
Thanks,
Community Support Engineer | Sophos Technical Support
Here's my Sophos and network configuration:
Internet - Router - Sophos - LAN
Router: 192.168.0.0/24
Sophos:
Main Office: 192.168.0.x / 255.255.255.0 / 192.168.0.RG
SSL VPN Pool: 10.242.0.0
Thank you for providing the screenshots.
Can you add a new firewall rule for your internal network to the SSL VPN network for testing and see if that helps?
I have created the rule (local network to SSL VPN) and still no connection.
You have two distinct interfaces/segments in the same IP range. This will never work correctly, because your Sophos will not know where to route those packets destined for "LAN=internal".
Kind regards, Regards from Germany,
Philipp Rusch
New Vision GmbH, Germany | Sophos Silver-Partner
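The overlap Philipp points out, as an added illustration that is not part of the thread: a connected-route lookup over a constructed interface table modelled on the posted configuration (host octets and the /24 on the SSL VPN pool are assumptions). With WAN and LAN both in 192.168.0.0/24 the longest-prefix match ties and the next hop is ambiguous; moving the WAN transfer net to 192.168.1.0/24, as suggested later in the thread, removes the tie.

```python
import ipaddress

# Constructed interface table modelled on the thread: both Sophos interfaces
# (WAN transfer net and LAN) sit in 192.168.0.0/24. Host octets are placeholders.
OVERLAPPING = {
    "WAN": ipaddress.ip_network("192.168.0.0/24"),
    "LAN": ipaddress.ip_network("192.168.0.0/24"),
    "SSLVPN": ipaddress.ip_network("10.242.0.0/24"),  # SSL VPN pool, /24 assumed
}

# The change discussed in the thread: move the WAN transfer net to 192.168.1.0/24.
FIXED = dict(OVERLAPPING, WAN=ipaddress.ip_network("192.168.1.0/24"))


def overlapping_interfaces(ifaces):
    """Return pairs of interface names whose subnets overlap."""
    names = sorted(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].overlaps(ifaces[b])]


def route_lookup(ifaces, dst):
    """Longest-prefix match over connected routes.

    Returns the single winning interface name, None if no route matches, or a
    sorted list of names when two connected routes share the longest prefix
    and the choice of egress interface is ambiguous.
    """
    dst = ipaddress.ip_address(dst)
    matches = [(n, net.prefixlen) for n, net in ifaces.items() if dst in net]
    if not matches:
        return None
    best = max(plen for _, plen in matches)
    winners = [n for n, plen in matches if plen == best]
    return winners[0] if len(winners) == 1 else sorted(winners)


if __name__ == "__main__":
    print(overlapping_interfaces(OVERLAPPING))       # [('LAN', 'WAN')]
    print(route_lookup(OVERLAPPING, "192.168.0.50"))  # ['LAN', 'WAN'], ambiguous
    print(overlapping_interfaces(FIXED))              # []
    print(route_lookup(FIXED, "192.168.0.50"))        # LAN
    print(route_lookup(FIXED, "10.242.0.7"))          # SSLVPN
```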
Main office has 192.168.0.0/24. I do not have any other class. If WAN is in 192.168.1.WAN and LAN in 192.168.0.LAN, will it be OK?
YES.
This means modifying the entire network, because 192.168.1.x cannot communicate with 192.168.0.x.
I don't understand that.
If WAN is your transfer net from Sophos to the router, where is the problem?
And of course, both private nets can communicate with each other. This can be controlled with firewall rules.
Shouldn't your WAN be a public IP address? The internal network is 192.168.0.0/24. The internal interface could be 192.168.0.1 and external your public IP. Unless I missed something.
I had to modify the router's LAN to /23 (192.168.0.0/23), change the default gateway from RG to the Sophos gateway, and apply a couple of firewall rules to get my services working.