I followed this KB: https://support.sophos.com/support/s/article/KB-000036980?language=en_US
The VPN tunnel is up and working, I can ping my on-prem from Azure, but I can't ping the Azure VMs from my LAN.
VM firewall is already disabled.
The VPN Setup already created the 2 firewall rules.
What am I missing?
I am using Sophos XG v18, and this KB is for v17. I don't know, maybe something is missing.
I appreciate any help.
Thank you for contacting the Sophos Community!
Are you able to see the packets leaving the ipsec0 interface going to your Azure?
Please use the GUI packet capture to check.
Make sure you have set the correct exceptions on the Azure side for the subnet of your XG LAN.
Better move to route-based VPN via VTI. This should be better for a connection to Azure.
As far as I know, there is no how-to "yet".
But you need to perform this via BGP. Sounds complicated, but it isn't.