
Sophos UTM 9 and WatchGuard XTM

We recently migrated the VPN tunnels from a remote site to a WatchGuard device to our Sophos UTM. The remote site is still using a WatchGuard XTM and the tunnels come up without error. Then after a varying number of days, some of the subnets in the tunnel become inaccessible. Restarting the tunnel on the Sophos brings the connection back up.

The tunnels usually stay up for a couple of days, then 2-12 days later, something goes wrong. Looking at both the Sophos and WatchGuard logs, I am not seeing anything around the time the issues occur.

I found another post that mentions disabling PFS, which I will do, but I would like to know if anyone else has had issues between Sophos UTM and WatchGuard XTM recently?



This thread was automatically locked due to age.
  • Nothing recently that I've seen here, Tim.  Unless there's a problem with the WatchGuard, I don't think disabling PFS will have an effect.

    Making sure debug is off for both logs, can you show us about 60 lines for each site when some IPsec SAs fail?  Also, pictures from the UTM of the Edits of the IPsec Connection, Remote Gateway and IPsec Policy?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Well, it lasted long enough that I was able to replace the WatchGuards with Sophos UTM devices. However, it wasn't long enough for me to say that any of the changes I made really made a difference.

    Setting up the S2S VPN with SUM was a breeze.