I changed the ‘Hostname’ field to my public WAN IP address and tried redownloading the VPN configuration file but I’m still having the same issue. I can see in the OpenVPN log that it’s still trying to connect to my Sophos XG local address (172.16.16.16:8443 via TCP). I also tried deleting and re-creating the VPN settings in Sophos XG but still the same thing.

17:17:05 Client terminated, restarting in 2000 ms.

EDIT: In my VPN settings, I noticed a field for "Override Hostname". I entered my WAN IP address there and now when I download the OpenVPN config file, it's showing the correct IP address. However, when I try to connect, now I'm seeing this error message: "Server poll timeout, trying next remote entry." and eventually the connection just times out. So, it seems if you change your Hostname from the 'Administration' page, it's not being applied to anything VPN related. I'm guessing if I restarted Sophos XG, it might have worked but I didn't want to take down the network. Now the next step is figuring out why it won't connect.

EDIT 2: Within the Sophos XG firewall under 'Current Activities' -> 'Remote Users', I can see entries when I try to connect with my iOS device but the 'Leased IP', 'Bytes Sent', 'Bytes Received' are all blank. So it appears that Sophos XG is seeing the initial connection, but it gets stuck there.

EDIT 3: Figured it out. I didn't have 'SSL VPN' checked for 'WAN' under 'Administration' -> 'Device Access'. However, I still can't access the one device on my network that I need to. I did create a firewall rule but the issue appeared to be with the 'Permitted Network Resources (IPv4)'. What I'm trying to achieve is the ability to access any device on my LAN (172.16.16.0/255) from outside my network using OpenVPN. Originally, under 'Permitted Network Resources (IPv4)' I had selected '#Port 1' which is what my LAN is connected to. This was the issue as I'll explain below but my thinking was that Port is where the network is located so now I'll just have to create a firewall to allow access from the VPN to my LAN. Here is the firewall rule I created (I have more firewall rules below just not pictured):

After doing this, I still could not access any devices on my LAN network besides my Sophos XG admin page (because I have HTTPS selected in 'Devices Access' under 'Administration', which seems to be its own hidden firewall rule). I really wish all firewall rules, even those created by other settings throughout the Sophos XG GUI, would at least show up in the 'Firewall' page but I digress. I went to the 'IP Host' section on the 'Host and Services' page and created a new IP Host for an IP Subnet called 'LAN' which is pictured below:

From there, I went back to the SSL VPN setup I created and removed 'Port 1' and added 'LAN' to the 'Permitted Network Resources (IPv4)' section as pictured below:

After doing that, everything is working as expected. I can now access all of my devices on my LAN. If I disable the firewall rule I created above, I can no longer access any devices on my LAN which makes sense. Where I'm confused is why it seems you need to have two separate "rules", one in the 'Permitted Network Resources' section and another firewall rule. Logically, I would think creating the firewall rule is where I'm telling Sophos XG what Source Zones and Source Network are permitted to which Destination Zones and Destination Devices. In other words, the firewall rules are where I define what the VPN connection can access. Instead, it seems that's only half the equation as you also have to create an IP subnet for your LAN which has to be added to the 'Permitted Network Resources' section on the SSL VPN page. Why is that the case and when would I ever use 'Port 1'? I realize 'Port 1' is the specific IP address of my Sophos XG device (172.16.16.16) and not a subnet.

Anyways, appreciate the help but I'm just trying to learn how Sophos XG works.