My gateway is not connecting

Hi Tejas,

my gateway deployment was never in a connected state. Time settings are in sync. 

I think indeed there is a problem on the upstreaming firewall.

I can reach everything except:

1. *.amazonaws.com

2. production.cloudflare.docker.com

3. ztna.apu.sophos.com:22

I try to get in contact with someone who can whitelist those URLs.

After that get back to you.

Thx

Sure thing. 

I did a seperate rule on my sophos xg for allowing https services from LAN and my ZTNA IP to WAN.

Am I right? Or do I have to put those URLs into my exceptions listings within web protection?

As long as the above mentioned URLs are reachable from the ZTNA gateway, that should be fine. 

Above mentoined URLs are all white listed as per Protect -> Web->  Exceptions and tested per Diagnostics -> Policy Test.

There is a firewall rule allowing Source zone LAN with Source network and devices IP address of ZTNA-Gateway all the time

traffic to Destination zone WAN Destination Network any with services HTTPS.

My ZTNA Gateway gets desired IP Address and MAC, ZTNA Gateway is reachable via ping, nslookup is fine so DNS is working too.

But it doesn´t show up in Central, so that I can´t approve deployment.

You might want to try and reload the image onto the VM and restart the VM. 

Tried this several times.

Propably something wrong with my certificate which I generated on my own private CA.

Both, certificate and key are not displayed when I go for editing my Gateway in the edit option field.

You can recreate the gateway and give it a try , if you can provide a screen shot of your VM network info in ESIX that would be helpful. As far as certificate is concerned that is not a problem as i also generated on my own private CA

This is what it looks like when it is working .