
Sophos and Big Sur Upgrade?

I just upgraded from Catalina to Big Sur (11.0.1) and Sophos gives me an error message: "You need to change your 'Security & Privacy' settings." When I do that, it does not register the change and I am caught in a loop. Is Sophos not compatible with Big Sur or are these messages wrong? Help would be appreciated.





  • Hello Geoff,

    Thank you for contacting the Sophos Community!

    What is the Sophos Product you are using?

    If it is Sophos Endpoint, then it is not supported on Big Sur for now; you can take a look at this KB.

    Regards,


     
    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Does l2tp with Sophos XG work?

    Upon upgrade to Big Sur, I can no longer connect to work VPN that uses l2tp via Sophos XG. 

    From research Apple seems to say: 

    From Apple to the feedback. The message is below:

    Hello. We have upgraded the proposed ciphers in L2TP IPsec VPN to also propose SHA-256 for the Child SA in IPsec. The issue seems to be that the server is accepting SHA-256 cipher for the child but maybe dropping the ESP encrypted packets with SHA-256 HMAC. This may be because the server is performing a SHA-256 HMAC with 96 bits output instead of the standard expected 128 bits. This appears to be an issue for the VPN provider to resolve. Switching the SHA-256 HMAC output from 96 to 128 bits on the server should fix this issue.

  • Hi ,

    Did you configure the Default L2TP policy on the XG firewall with the L2TP connection? If yes, please clone it, remove the SHA2 with 96-bit truncation, and update the cloned L2TP policy as per the following screenshot. Let us know if that resolves your issue. If it does not, we would need to check the strongSwan logs in debugging on XG.

    Thanks,

     

     
    Harsh Patel (H_Patel)

    Senior Technical Support Engineer | Sophos Technical Support

  • Changing to just 256 fixed the issue. Thanks
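
The 96-bit versus 128-bit truncation mismatch described in Apple's message and in the support reply above, as an added example that is not part of the original thread: a simplified ESP integrity check showing why both peers can agree on SHA-256 and still drop every packet. The packet layout is reduced to SPI, sequence number and opaque ciphertext, and the key, SPI and payload are constructed sample values.

```python
import hashlib
import hmac
import struct

# Constructed sample values (not taken from the thread).
KEY = bytes(range(32))        # 256-bit integrity key
CIPHERTEXT = b"\xaa" * 48     # stands in for the encrypted ESP payload


def esp_protect(key, spi, seq, ciphertext, icv_bits):
    """Sender: SPI | sequence | ciphertext | ICV, ICV truncated to icv_bits."""
    body = struct.pack("!II", spi, seq) + ciphertext
    icv = hmac.new(key, body, hashlib.sha256).digest()[: icv_bits // 8]
    return body + icv


def esp_verify(key, packet, icv_bits):
    """Receiver: treats the last icv_bits of the packet as the ICV."""
    n = icv_bits // 8
    if len(packet) < 8 + n:   # too short to hold a header plus an ICV
        return False
    body, icv = packet[:-n], packet[-n:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:n]
    return hmac.compare_digest(icv, expected)


def interop_matrix(key=KEY, ciphertext=CIPHERTEXT):
    """Return {(sender_bits, receiver_bits): accepted} for 96 and 128 bits."""
    results = {}
    for tx in (96, 128):
        pkt = esp_protect(key, 0x1000, 1, ciphertext, tx)
        for rx in (96, 128):
            results[(tx, rx)] = esp_verify(key, pkt, rx)
    return results


if __name__ == "__main__":
    for (tx, rx), ok in sorted(interop_matrix().items()):
        verdict = "accepted" if ok else "dropped (ICV mismatch)"
        print(f"sender {tx}-bit ICV -> receiver {rx}-bit ICV: {verdict}")
```

A receiver using the other length splits the packet at the wrong offset, so it computes the HMAC over different bytes and the comparison fails even though the key and hash algorithm match. RFC 4868 specifies the 128-bit truncation for HMAC-SHA-256 in ESP.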
