I just switched from OPNsense due to issues with PPPoE, and XG worked beautifully to connect to my ISP on the first try; my entire LAN works marvelously.
I have set up SSLVPN and gone through every forum post I can find, but no dice.
Port 1: ESX Vswitch - LAN - 10.10.10.0/24
Port 2: ESX Vswitch - ISP - (Public IP)
VPN: 10.81.234.5-30 (.5 is the gateway)
I can use the XG interface and ping devices on my LAN.
I can connect to the VPN successfully; routes are created on the client (tried both the OpenVPN and Sophos clients).
I *cannot* ping the VPN internal gateway from the client (10.81.234.5 from the .6 DHCP address), nor can I access any other resources.
I have created the firewall rules VPN -> LAN and the reverse as well, with any/all permitted.
I have confirmed I don't have a specific interface assigned on the permitted networks.
I don't see firewall traffic denying the VPN.
I have enabled ping on the internal interface of the XG, and I can't ping my printer, and I swear I could ping it from Neptune, so it has no host restrictions, etc.
I believe I have checked every post on the topic in the last 5 years.
My last headache: I can access the admin interface, but I'm across the country from the unit itself, so I can't SSH at the moment. I read about how easy this was, so I just turned it on and went on my trip.
Now I'm stuck, unable to connect into my network.
ONE thing I made work was changing my LAN port to /8 as a test, and I was able to access non-DHCP devices, so I appear to have a routing issue; at least that's my theory. I returned it to /24 and couldn't connect to anything.
Hi Adam Abernethy,
Thank you for reaching out to the Community!
Could you please run a packet capture on the firewall and provide a screenshot? Run the packet capture on the source IP address.
Follow the KBA to run a packet capture from the GUI: Sophos XG Firewall: How to monitor traffic using packet capture utility in the GUI.
Community Support Engineer, Support & Services | Sophos Technical Support | Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts. If a post solves your question, use the 'Verify Answer' button.
Thanks H_Patel, turning on packet capture made something start working. No idea why it is working now when it wasn't when I posted this.
I can now access any DHCP device, which is perfect.
Next step: why isn't my 'Default Tunnel' working? Any pointers? I have "Default tunnel" enabled, but I am not getting DNS responses, and using 'What is my IP' services I am shown my current location and not the firewall location.
Also, those requests aren't showing up in the same packet capture below (I tried Google and a few others, not even trying through the VPN).
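The support reply above asks for a packet capture filtered on the VPN client's source IP, and the follow-up notes that some requests never appear in that capture at all. Reading such a capture is the actual diagnostic step: you check, for one request/reply pair, on which interface and in which direction each packet was seen. The script below is an added example, not code from the thread or from Sophos; it parses constructed tcpdump-style lines (the "interface In/Out" column format that `tcpdump -ni any` prints on recent Linux builds, written here by hand, not a real XG capture) and reduces them to one of five verdicts: traffic never arrived on the tunnel, request dropped inside the firewall, host did not answer, reply dropped inside the firewall, or both directions fine. The interface names `tun0` and `eth0`, the addresses from the original post, and the line format are assumptions for the example.

```python
import re

# One tcpdump line in the "iface dir" format, e.g.
#   12:00:01.000001 tun0 In  IP 10.81.234.6 > 10.10.10.20: ICMP echo request, ...
# An optional trailing ".port" on either address (TCP/UDP lines) is skipped.
LINE_RE = re.compile(
    r"^\S+\s+(?P<iface>\S+)\s+(?P<dir>In|Out)\s+IP\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?:\.\d+)?\s+>\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.\d+)?:"
)

# What each verdict means and where to look next (assumed XG layout:
# VPN pool on the tunnel interface, LAN hosts behind the LAN interface).
HINTS = {
    "no-request-on-tunnel": "Client traffic never reached the firewall: check the "
        "client's routes and the tunnel's permitted networks.",
    "request-dropped-in-firewall": "Request arrived on the tunnel but never left the "
        "LAN interface: check the VPN->LAN rule, the VPN zone and NAT.",
    "no-reply-from-host": "Request left on the LAN but the host did not answer: host "
        "firewall, or the host has no route back to the VPN pool.",
    "reply-dropped-in-firewall": "Reply came back on the LAN but was not sent into the "
        "tunnel: check the reverse rule and the return route.",
    "ok": "Both directions traverse the firewall; look at the client side.",
}


def parse_capture(text):
    """Return a list of {iface, dir, src, dst} dicts, one per parsable line."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            packets.append(m.groupdict())
    return packets


def diagnose(text, client_ip, target_ip, tunnel_iface, lan_iface):
    """Classify a client->target exchange by where in the firewall it stopped."""
    seen = set()
    for p in parse_capture(text):
        if p["src"] == client_ip and p["dst"] == target_ip:
            seen.add(("req", p["iface"], p["dir"]))
        elif p["src"] == target_ip and p["dst"] == client_ip:
            seen.add(("rep", p["iface"], p["dir"]))
    # Walk the path in order; the first missing hop is the verdict.
    if ("req", tunnel_iface, "In") not in seen:
        return "no-request-on-tunnel"
    if ("req", lan_iface, "Out") not in seen:
        return "request-dropped-in-firewall"
    if ("rep", lan_iface, "In") not in seen:
        return "no-reply-from-host"
    if ("rep", tunnel_iface, "Out") not in seen:
        return "reply-dropped-in-firewall"
    return "ok"


# Constructed sample captures (not real XG output): a ping from the VPN client
# .6 to a LAN host, truncated at different points along the path.
CAPTURE_OK = """\
12:00:01.000001 tun0 In  IP 10.81.234.6 > 10.10.10.20: ICMP echo request, id 7, seq 1, length 64
12:00:01.000150 eth0 Out IP 10.81.234.6 > 10.10.10.20: ICMP echo request, id 7, seq 1, length 64
12:00:01.001200 eth0 In  IP 10.10.10.20 > 10.81.234.6: ICMP echo reply, id 7, seq 1, length 64
12:00:01.001300 tun0 Out IP 10.10.10.20 > 10.81.234.6: ICMP echo reply, id 7, seq 1, length 64
"""
CAPTURE_NO_REPLY = "\n".join(CAPTURE_OK.splitlines()[:2]) + "\n"
CAPTURE_DROPPED = CAPTURE_OK.splitlines()[0] + "\n"
# A TCP line (with ports) from the client that the regex must also accept.
CAPTURE_TCP_ONLY = "12:00:02.000001 tun0 In  IP 10.81.234.6.51234 > 10.10.10.20.80: Flags [S], seq 1, length 0\n"

if __name__ == "__main__":
    for name, cap in [("ok", CAPTURE_OK), ("no reply", CAPTURE_NO_REPLY),
                      ("dropped", CAPTURE_DROPPED), ("empty", "")]:
        verdict = diagnose(cap, "10.81.234.6", "10.10.10.20", "tun0", "eth0")
        print(f"{name:9s} -> {verdict}: {HINTS[verdict]}")
```

On the XG itself the GUI capture in the KBA shows the same information (interface and direction per packet), so the same walk applies by eye: find the client's request on the tunnel side, then on the LAN side, then the reply on each, and the first hop that is missing tells you which rule, route or host to look at. A request that is absent from the capture entirely (the "no-request-on-tunnel" case) is the situation described for the full-tunnel traffic above: the firewall cannot drop what it never received, so that is a client-side routing question.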