
WAF real webserver is in IPSec VPN Site to Site Tunnel - Can't connect reliably

Utilizing Azure S2S IPSec VPN tunnel. Can access a VM behind the firewall just fine. Trying to set up a WAF to connect to a web application in Azure. I've gotten it to work a couple of times but it seems very persnickety. Right now, and the situation I've been fighting over for 2-3 days is that the connection seems to be nonexistent, though I've proven it can be done, it just doesn't seem to want to.

Yes, IPS and Anti-portscan are off. DNAT works the couple of times I've tried it (though it doesn't load the page properly, probably due to abspath problems). curl via the CLI worked for a while and now doesn't, for some reason. The last thing I tried that fixed it was removing the connected networks that included the SG230 from those that are part of the VPN tunnel. Suddenly, things worked for a while until I tried changing the configuration of my real webservers. Now I'm broken again.

I even created a new one (I have a prod and a test web app), and the UTM 9 won't let me turn on the new one I created for some reason. Deleted and recreated everything a second time and I'm still in the same boat.

In fact, I'm wondering if I need to reboot my SG230. Restarting reverseproxy via the CLI hasn't helped either.

Any thoughts?



This thread was automatically locked due to age.
  • Hi, Kevin, and welcome to the UTM Community!

    Hopefully, your reseller will have opened a ticket with Sophos Support already.  To work on this here, please:

    1. Disable the Virtual Server.
    2. Start the Live Log and wait for it to begin populating.
    3. Enable the Virtual Server.
    4. Test your connection.

    Show us the log lines related to the startup and test.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA