This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos SG210, remote SSL VPN users, accessing Azure SQL via UTM to Azure IPSEC tunnel

SG210 running 9.715-3 - Transparent mode

Hello all,

I'm trying to get our remote users to be able to access our Azure/tenant SQL instance, as if coming from the office. Presently we have to whitelist a bunch of user IP addresses to let them connect to the AzSQL server.

Note: we're in the midst of migrating to XGs FWs, however it will be a good month to do so.

What I've done so far:

* Established a tunnel from UTM to Azure via IPSEC. On the Azure side I have both the office (10.225.XXX.XXX) and SSL VPN pool (10.242.XXX.XXX) connected.
* Created SNAT rules for SSL VPN Pool traffic attempting to go through the tunnel to appear as coming from the the local UTM IP.
* whitelisted Azure networks and main office IPs within the AzSQL networking side.

Users that are local can connect to the server just fine; any user that is remote at home and connected via SSL VPN receives an error saying there was a timeout trying to connect.  If we do a "What's My IP" when they are connected via VPN it shows the office's public IP.  If we whitelist their own public IP in AzSQL they can connect to SQL without issue.



This thread was automatically locked due to age.