Hello all,
This is a very interesting issue.
Several weeks ago, I was having a hard time setting up a site-to-site VPN using UTM 9. You can see my odyssey here.
Long story short, I found out that you cannot ping from the server side of the VPN to the client side of the VPN from the UTM 9 box. It works from the server side of the VPN.
Well... at the time I found out the problem - with much appreciated help from this forum, and a friend that is a SOPHOS partner - I thought: nobody will want to ping the other side of the VPN from the UTM box. Well... it turned out I was wrong.
Little diagram:
Branch Office            >>>> VPN >>>>>    Headquarters
Server side of the VPN                     Client side of the VPN
192.168.150.0                              192.168.0.0
I need to configure SOPHOS UTM at the branch office to authenticate against an Active Directory server that resides at the headquarters. I tried configuring it under Users and Definitions/Authentication Servers and got a timeout. Then, I had the "brilliant" idea to ping the AD (that resides at the headquarters) from the branch office UTM using the webadmin ping tool. No love! I cannot establish any sort of communication with computers behind the headquarters UTM. However, I can ping fine from any computer that is behind the branch office UTM.
I know I can create a NAT on the headquarters UTM pointing to my AD server. However, I want to avoid this option at any cost.
What I checked out:
No packets blocked on the firewall
No blocks on the web filter (it doesn't make sense, but I checked anyway)
No packets blocked on the IPS
All these options are enabled at Network Protection/Firewall/ICMP for both UTM boxes.
Global ICMP settings
Allow ICMP on Gateway
Allow ICMP through Gateway
Ping settings
Gateway is Ping visible
Ping from Gateway
Gateway forwards Pings