Access SSL VPN Clients from Internal Network

At the moment clients connected to the SSL VPN are able to communicate with and ping devices on the internal network. However, devices on the internal network cannot communicate with or ping devices connected to the VPN, by IP address or hostname. 

Is there a way to enable this kind of communication?

  • For this to work you need to do a few things:

    1. allow this traffic through a firewall rule like Internal -> any -> VPN SSL pool: Allow;
    2. make sure the remote systems are also accepting the traffic;
    3. for hostnames to work you need a perfectly working DNS configuration, because the remote client needs to register its new address with the DNS server; otherwise clients inside the local network can never reach the host by name. Hostname-only resolution is a broadcast mechanism that does not work over a layer 3 (routed) connection, so the FQDN (DNS name) needs to be correctly updated.

    Number 3 will possibly prove to be the most challenging. In our environment we do see hostnames with their SSL VPN address in DNS, but for some of our devices that have been out of the office for about a month now due to Covid-19 we sometimes see both the VPN address and the internal address, only the internal address and not the VPN address, or nothing at all.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improving IT security and happy to help others with their IT security challenges.
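An added example, not from this thread or from Sophos, of auditing the DNS registration problem in step 3: for each client hostname it resolves the name and reports whether DNS holds the VPN pool address, a stale internal address, both, or nothing. The VPN pool, the internal subnet, the hostnames and the fake resolver table are all constructed for this example; swap in `live_resolve` to query your own DNS server.

```python
import ipaddress
import socket
from typing import Callable, Dict, List

# Constructed example: SSL VPN address pool and office LAN.
# Both are assumptions for this example, not values from the thread.
VPN_POOL = ipaddress.ip_network("10.81.234.0/24")
INTERNAL_NET = ipaddress.ip_network("192.168.10.0/24")

# Constructed resolver table standing in for the internal DNS server.
# It reproduces the cases the reply describes: VPN address only, both
# addresses, internal address only, and (for an unknown name) no record.
FAKE_DNS: Dict[str, List[str]] = {
    "laptop-a.corp.example": ["10.81.234.7"],
    "laptop-b.corp.example": ["192.168.10.55", "10.81.234.9"],
    "laptop-c.corp.example": ["192.168.10.56"],
}

def fake_resolve(name: str) -> List[str]:
    """Offline stand-in for a DNS lookup; unknown names resolve to nothing."""
    return FAKE_DNS.get(name, [])

def live_resolve(name: str) -> List[str]:
    """Real IPv4 forward lookup against the system's configured resolver."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses: List[str]) -> str:
    """Describe what DNS knows about a client relative to the VPN pool."""
    ips = [ipaddress.ip_address(a) for a in addresses]
    in_vpn = any(ip in VPN_POOL for ip in ips)
    in_lan = any(ip in INTERNAL_NET for ip in ips)
    if in_vpn and in_lan:
        return "both"           # stale LAN record alongside the VPN address
    if in_vpn:
        return "vpn-only"       # the state you want while the client is remote
    if in_lan:
        return "internal-only"  # registration over the tunnel did not happen
    return "none"               # no record at all

def audit(names: List[str], resolve: Callable[[str], List[str]] = live_resolve) -> Dict[str, str]:
    """Map each hostname to its registration state; only 'vpn-only' is reachable by name."""
    return {name: classify(resolve(name)) for name in names}

if __name__ == "__main__":
    for host, state in audit(list(FAKE_DNS) + ["laptop-d.corp.example"], fake_resolve).items():
        print(f"{host:28} {state}")
```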
