
SSL site-to-site 9.401-11 with 9.355001 no routing

Hi all,

We have several Sophos UTM devices connected together via SSL, but the main unit has been upgraded to the latest 9.401-11 and now the clients are not reachable anymore. The clients are still at 9.355001. I read that the new 9.401-11 had some fixes for SSL-VPN routing, but we never experienced any problems till this update.

We can still see that the clients make the connection and it also becomes green, but the routing is not working anymore. Also, a tracert via the tools menu does not give any response. It is not possible to update the devices manually because they are at remote locations behind other firewalls, so they need the link to work to get the update.



This thread was automatically locked due to age.
  • Hi,

    Please post TCPDUMP logs for ICMP communication on the destination IP address. For example, if you are trying to reach server 1.1.1.1 from a remote client, capture tcpdump as: tcpdump -nei any host 1.1.1.1 and proto ICMP

    Please refer to the link to understand the TCPDUMP command with UTM 9.

    https://www.sophos.com/en-us/support/knowledgebase/115343.aspx

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • I'm not sure what "the clients are not reachable anymore" means.  Also, have you confirmed that the routing tables are incorrect ('Support >>Advanced' 'Routes Table')?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • The clients are UTM devices that connect via SSL VPN to the "master" UTM. This was working fine till the update. I've found out that I have to add the IP that the "Client" gets from the "master" to the Firewall rules in 2-way direction. This was not needed before the update.

    Perhaps it was working before due to an error that was part of the fixes done in the patch. Anyway, it is working again.

    Sorry for the late reply, we had a long weekend here with great weather ;)