This discussion has been locked.

Sophos Intercept X (Endpoint), Sophos XG and iBoss Web Filtering

* Posting here as it touches multiple Sophos products *

We currently have a client that has been experiencing significant issues since early last week, whereby users of the VPN are being intermittently disconnected and a 'cypher' error is detailed within the Sophos Connect client log.

For clarity, they have Sophos Intercept X deployed on all endpoints, and use Sophos Connect to access the corporate network via VPN. The VPN has a split tunnel configuration, with all traffic not destined for corporate internal IP addresses 'sent out' via their local internet breakout, with the traffic protected by iBoss Web Filtering.

Within the local network there have been no changes, and up until this point both Sophos and iBoss have been unable to identify the root cause. From initial testing, disabling the iBoss Service appears to 'resolve' the issue. This has been fed back to iBoss, and in turn they said that 'there is an outstanding issue with iBoss and Sophos AV that we are waiting on Sophos to resolve'. Now I don't know how true this is, but is anyone else using this, or a similar, configuration and experiencing similar issues?



  • Hi Ian,

    Out of interest, are you still experiencing the issue? If so, does disabling Network Threat Protection within Sophos ‘resolve’ the issue? We’ve been doing some testing and this doesn’t temporarily resolve it, so wondering if there is a further Sophos issue that feeds into their wider iBoss compatibility issue. 

  • Tom,

    Yes, we are still experiencing the issue, and no, disabling network threat protection doesn't appear to resolve the issue.  We have had to temporarily disable the iBoss service on all our machines, which is obviously not ideal.  In my testing, even if I disabled all Sophos services via the endpoint client on a test machine, the issue persisted.  The only thing I could do on the Sophos end of things that would temporarily resolve the issue was uninstall it from the test machine.

    Thanks,

    Ian

  • Actually, just discovered something that makes me feel a little silly.  If you turn off the service via the endpoint agent (after turning off tamper protection), it doesn't do anything; HOWEVER, if you then go and stop the Sophos Network Protection Service via services.mmc (or CLI), that DOES temporarily resolve the issue.  Not sure why I never thought to test that way.

  • Add us to the list that it's affecting.  I've been living with it, but decided to tackle it today.  I have added the exceptions, but haven't tested fully.  Would be nice if it was just fixed in the product itself.

  • If the workarounds are not effective, I suggest opening a case with our support team. A test build is available currently, but the same changes will also be included in the Core Agent 2022.3 release. 

    Kushal Lakhan
    Team Lead, Global Community Support
  • I just want to provide an update on our situation.  Today, Sophos released an update, 2022.3, which was supposed to fix the issues with iBoss and Sophos Network Threat Protection.  However, after testing, only one of the issues seems to be resolved.  We can now download large files via a web browser.  The list of things that are as yet unresolved is:

    Getting errors when trying to open synced files in a user's OneDrive.

    Getting a "Security Certificate was revoked" for outlook.office365.com message when opening Outlook.

    Getting an error when trying to update an iOS device via iTunes if an update needs to be downloaded from Apple's servers:  "There was a problem downloading the software for the iPad.  An unknown error occurred (0x80090330)."

    Microsoft Teams will not open if it is the first time opening it after installing.  It gets stuck in a loop of trying to open and then crashing after the user logs in.

    I should also mention that it seems like the Sophos update fails unless NTP or ibsaService is turned off while updating.

  • Forgot to mention that the VPN issues are also still present.  If Sophos NTP and iBoss ibsaService are both running, VPN disconnects every couple of minutes.

  • As of today, Sophos finally gave us a special update that seems to have fixed all the issues for us.  I had to reach out to Sophos Support again after I saw an email about the Web Performance Optimization rollout in 2022.4.1, and they then told me how to set it up.  So far so good!  If only it hadn't taken 6 months to get a fix...

  • We have just pushed out the iBoss Connector on our teacher MacBooks and are now running into this same issue. I wonder if they fixed anything for us Mac users...