Sophos Intercept X (Endpoint), Sophos XG and iBoss Web Filtering

* Posting here as it touches multiple Sophos products *

We currently have a client that are experiencing significant issues since early last week, whereby users of the VPN are being intermittently disconnected and a 'cypher' error is detailed within the Sophos Connect client log.

For clarity, they have Sophos Intercept X deployed on all endpoints, and use Sophos Connect to access the corporate network via VPN. The VPN has a split tunnel configuration, with all traffic not destined for corporate internal IP addresses 'sent out' via their local internet breakout, with the traffic protected by iBoss Web Filtering.

Within the local network there have been no changes, and up until this point both Sophos and iBoss have been unable to identify the root cause. From initial testing, disabling the iBoss Service appears to 'resolve' the issue. This has been fed back to iBoss, and in turn they said that 'there is an outstanding issue with iBoss and Sophos AV that we are waiting on Sophos to resolve'. Now I don't know how true this is, but is anyone else using this, or a similar, configuration and experiencing similar issues?

  • Tom,

    We are experiencing similar issues, but we use the FortiClient VPN client.  It seems to have started mid-week last week.  Other things have also been affected, though, including:


    Getting "Failed - Network error" when attempting to download large files from SharePoint Online/OneDrive (also accompanied by a "Windows Defender SmartScreen is downloading from OneDrive" notification in Windows).

    Getting errors when trying to open synced files in a user's OneDrive.  One of the errors we've seen is "The cloud operation was not completed before the time-out period expired."

    Getting a "Security Certificate was revoked" for outlook.office365.com message when opening Outlook.

    All these issues seem to be temporarily resolved by stopping the IBSA service, but only occur if Sophos is installed and updated.  The versions we have observed are:

    IBSA Version: 5.3.120
    Sophos Core Agent: 2022.2.1.9
    Sophos Intercept X: 2022.1.1.11
    Sophos Endpoint Protection: 10.8.11.4
    Sophos Device Encryption: 2022.1.0.58
    Sophos XDR: 2022.2.1.9

  • I just want to provide an update on our situation.  Today, Sophos released an update, 2022.3, which was supposed to fix the issues with iBoss and Sophos Network Threat Protection.  However, after testing, only one of the issues seems to be resolved.  We can now download large files via a web browser.  The list of things that are as yet unresolved is:

    Getting errors when trying to open synced files in a user's OneDrive.

    Getting a "Security Certificate was revoked" for outlook.office365.com message when opening Outlook.

    Getting an error when trying to update an iOS device via iTunes if an update needs to be downloaded from Apple's servers:  "There was a problem downloading the software for the iPad.  An unknown error occurred (0x80090330)."

    Microsoft Teams will not open if it is the first time opening it after installing.  It gets stuck in a loop of trying to open and then crashing after the user logs in.

    I should also mention that it seems like the Sophos update fails unless NTP or ibsaService is turned off while updating.

  • Forgot to mention that the VPN issues are also still present.  If Sophos NTP and iBoss ibsaService are both running, VPN disconnects every couple of minutes.
