Sophos AP/APX users may experience issues registering to Sophos Central. More info available here: Central Wireless
A customer has a firewall rule that log SSH sessions from the internal network going to the external network. When an SSH session is established to an external host, there is no log in the Logviewer that it was accepted. When the SSH session is closed or terminated, only then that the SSH session will be logged in the Logviewer. The following sections are covered:
Applies to the following Sophos products and versions Sophos Firewall
This is a known behavior for the XG Firewall that the traffic will only be logged when the connection is closed. From the logging perspective, the session gets logged on connection "destroy" event, i.e. when the connection gets terminated. Even in cases where the connection gets terminated abruptly/broken, the connection will time out and once the "destroy" event is received, the session will be logged if the logging is enabled for that firewall rule.
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.