This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Unable to print when connected to Sophos SSL VPN

Hello All,

Some of my users in Spain location are unable to print when connected to SSL VPN. 

The ping request gives "Destination not reachable" when connected to VPN and while pinging the printer. The Local printer and the PC is in the same subnet. 

I am not sure what am I missing.

Can someone please guide ?

Appreciate the help. Thanks!

Device: Sophos UTM 9



This thread was automatically locked due to age.
Parents Reply Children
    1. Sorry, I don’t understand what you mean? 
      I also forgot to mention that the printer shows offline every time they connect to VPN. 
  • Are they trying to print to a printer by DNS name or using the IP address of the printer?

    i.e., are they printing to something named like... Printer-01 (an example of a printer name), or to the IP address of a printer, 192.168.0.x?

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • They are trying to Print via name. 

    I have split tunnel enabled. The printer goes back online as soon as we disconnect VPN. My VPN subnet is 192.168.4.X and if I try to ping the printer on VPN it gets a response from VPN gateway as Destination not reachable.

  • Do you have a screenshot of the edit of the config?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.

  • I also created a rule to allow any user from the VPN group to be able to access the local network in Spain but it still haven't worked. 

  • Pretty sure your 'Override hostname' should have your internal DNS suffix there.  I cannot reach anything by DNS name through VPN without my internal suffix in there.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • May I ask you to explain me how will an internal DNS suffix going to help in reaching out to an external network device which in this case is a printer ? Why is it that on VPN it can reach all other services like https, etc but just not a printer? 

  • Why would they be accessing an external network device if they are using VPN to access the internal network?  Now I don't understand what you are getting at with this.  The assumption here is that because they use VPN, they are accessing an internal network device.

    internal DNS suffix going to help in reaching out to an external network device

    Let's clarify:  Are you wishing the VPN users to access a printer inside your network or a printer outside of your network?  Because that statement there doesn't coincide with your original post.  You stated they were on the same subnet.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)

  • Sorry, if I wasn’t clear. The VPN users are trying to access a printer outside my network. 

  • OK so is the VPN on the same subnet and mask as well?  If so, that is most likely the issue with printing and routing will fail because it's looking for a print device on the same subnet.

    OPNSense 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz
    16GB Memory | 500GB SSD HDD | ATT Fiber 1GB
    (Former Sophos UTM Veteran, Former XG Rookie)