I have set up a ZTNA gateway on a VMware ESXi using the instructions mentioned in ZTNA setup. But I am not getting a home page to log in.
Hi
Check your ESXi deployment if you are using VMware. The VM should have an IP 10.* showing on your console. Also check the ISO image is always connected. Follow these steps:
1. Create your gateway in Central
2. Download your image
3. Add the VM
4. Attach the image
5. Before you start verify the ISO is attached
6. Start the VM.
7. Give it 5 min and see if the IP that I mentioned is showing. If not, check if your ESXi server has internet connectivity.
8. Give an hour for the gateway to sync and the approve button to be enabled.
I did a separate rule on my Sophos XG for allowing HTTPS services from LAN and my ZTNA IP to WAN.
Am I right? Or do I have to put those URLs into my exceptions listings within web protection?
As long as the above-mentioned URLs are reachable from the ZTNA gateway, that should be fine.
The above-mentioned URLs are all whitelisted as per Protect -> Web -> Exceptions and tested per Diagnostics -> Policy Test.
There is a firewall rule allowing traffic all the time from Source zone LAN, with Source network and devices set to the IP address of the ZTNA-Gateway, to Destination zone WAN, Destination Network any, with services HTTPS.
My ZTNA Gateway gets desired IP Address and MAC, ZTNA Gateway is reachable via ping, nslookup is fine so DNS is working too.
But it doesn't show up in Central, so that I can't approve deployment.
You might want to try and reload the image onto the VM and restart the VM.
Tried this several times.
Probably something wrong with my certificate which I generated on my own private CA.
Both, certificate and key are not displayed when I go for editing my Gateway in the edit option field.
You can recreate the gateway and give it a try. If you can provide a screenshot of your VM network info in ESXi, that would be helpful. As far as the certificate is concerned, that is not a problem, as I also generated it on my own private CA.
This is what it looks like when it is working.
You've got a second NIC with IP 10.42.0.1. Why is this?
That is something internal to the gateway. It will help you know that it is connected.
Have you checked that the NTP service is linked to the VM?
@Sophos User5771 where do you put the configuration of the 2nd NIC in the ztna-gateway config, as I know that within the setup process you can give only one IP address to the ztna-gateway config?
@LuCar Toni you mean within ESXi?
That IP will be automatically configured by the gateway. We specify only one IP when we set up the gateway.