
Update 9.405 breaks VPN

Upon installing the up2date version 9.405 I was no longer able to authenticate to my surveillance system over the CISCO/IOS Remote Access VPN. The firewall live log shows a successful connection to my surveillance controller, but the authentication itself fails. Upon rolling back to 9.404 and restoring my backup, my authentication works again over the VPN. The 9.405 update appears to break/interfere with authentication over the VPN tunnel...



This thread was automatically locked due to age.
  • Hi,

    Did you capture any logs related to this matter? Always capture logs and post them in a thread before downgrading the firmware.

    It can probably help us investigate and understand the behavior.

    Thanks

    Sachin Gurung
    Team Lead | Sophos Technical Support

  • Sometimes, an Up2Date mangles a section of the configuration and just restoring the backup from before the Up2Date will fix the problem.  The next thing to try is one or two reboots.  If all that fails, then rolling back is indeed the only option.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Same issue here. Ever since the update my site-to-site VPN (Sophos UTM to Sophos UTM) comes up and allows each device to ping each other but not connect. I have tried disabling all the security services and rebuilding the VPN profiles but nothing works. Logs show traffic going back and forth but nothing happens after the first packet. Rolling back to 9.404 indeed fixes the issue.

  • I am having a similar issue, perhaps. What type of traffic is it that is getting lost? In my case it is anything using SSL (https, SSH, MS remote desktop)

    TIA--Matt

  • It's hard to pinpoint why or what traffic is dropped. For instance, I have a network printer I can access just fine via the HTTP web interface but my Synology NAS is inaccessible via HTTP or HTTPS. My QNAP gives the exact same symptoms. I can also access my network AV receiver over the VPN without issue. SMB to the NAS works for the initial folder population but once I try to browse a subfolder it hangs and then times out. All logs on the UTM itself show nothing being dropped and only show the initial request I make. All security services were turned off on both sides and still nothing.

    The odd thing is it all started when I updated my remote UTM to 9.405 while holding off my local UTM since I couldn't upgrade it for a while so I know it's this update causing the issues.

  • That sounds somewhat like what I am seeing, but so far it has only been HTTPS and SSH/SSL traffic that I have had issues with. I did not have the tunnels set up before up2date made the upgrade to 9.405. Sophos support tells me that I have to reimage to downgrade? My case has supposedly been escalated but I have not heard anything for days. This is the first Sophos appliance I am using, coming from a Cisco/Juniper/Brocade background, and I am definitely disappointed in the support in general. One or two of the support guys have been very helpful, but this has been going on for over a week with no end in sight.

  • I currently use the home UTM edition on custom hardware. While it's been great nearly all around, the VPN aspect shows typical performance issues like other upcoming firewall companies. I use Cisco and Juniper at work and an old ASA5505 (heck, even a 2811) blows away my Skylake i3s in terms of throughput with the UTM software. Hopefully they push an update to correct the VPN issues so I can at least get traffic moving again even if it's at a slower pace than other vendors.

  • I can confirm the same behavior. I have been on a call with QNAP quite a bit to figure it out, but when connecting from a different LAN (over IPsec tunnel) to the network that holds the QNAP, I can authenticate, but then it stops. I can do a net use, but not browse. Other 'normal' fileshares on normal servers are performing fine without issues. Just the QNAP has recently stopped connecting. The weird thing is that I cannot even browse to it properly and no logs are giving any detail.

     

    I also excluded the device from HTTP scanning, IPS, App... all of it... nothing worked. I have to say that I did recently notice more x.x.x.255 broadcasts returning to the requesting user from the QNAP, and I look at the logs daily.

  • sachingurung 

    I made the mistake of updating to 9.407 based on multiple VPN fix statements in the narrative, but it broke my authentication again. Based on my log search, I cannot find any indication of the problem. What logs should I post that will aid Sophos in correcting this software issue? I do not want to downgrade to 9.404 again.

    Thank you,

  • Serge, have you already tried my suggestion above?

    Cheers - Bob
