We'd love to hear about it! Click here to go to the product suggestion community
Its probably overkill, but I have 2 XG230s. One at one site, one at another.
The XG that is in the same site as the FM connects, and stays connected.
The one in the remote site, says all the tests are fine for authentication etc, but then after a few minutes reports as disconnected.
I currently have FM so it is not public facing, and the remote XG reports in over the IPSec Site to site vpn.
I know the VPN is solid as I have pings running continuously and its as solid as a rock.
Should I have the FM publicly accessible, and refer to the XG's publicly, or should I be able to keep it all 'inside' our network?
It is not mandatory to have SFM publicly accessible.But XG device should be able to communicate with SFM.
XG device is configured in which synchronization mode in Central Management Settings page?
In reply to RaviPatel:
Im also having the same issue. The VPN is working well since all other services are working on VPN. But this one is failing over the VPN.
Is there any firewall rule needs to be set up?
Or is it a bug?
In reply to Antonio Annoson1:
Are you able to ping SFM local interface ip from XG device local interface through vpn tunnel?
Please check Log viewer > System > Central Management logs. Please check XG device is sending the HB packets to SFM or not.
Ping works as following
Location A PC - Location B PC #Ping working fine#
Location B PC - Location A PC #Ping working fine#
Location A Firewall - Location B Firewall #Ping not working#
Location B Firewall - Location A Firewall #Ping not working#
Any idea how to resolve this issue?
I am suspecting connectivity issue between XG and SFM through tunnel.
Heartbeat : SF devices send periodic heartbeat at every 1 min with appliance key and set Sync Flag in SFM/CFM and SF for sync state.
If it is not working through IPSec site to site tunnel then please create SSL VPN site to site tunnel between XG and SFM and check the status of the issue.
Hi yes, you correct there is an error message.
is there anything that we can do than the SSL VPN.
Because the site to site IPSec tunnel is working perfectly. even can ping end to end.
Only thing is that we can ping from the Sophos firewall to the other location.
Any rule needs to be configured?
Rule is already created, because of that ping is working from local pc to remote pc and vice versa.
Try to initiate interface based ping from XG console to SFM (where interface should be ipsec local network interface).
Please provide me topology detail with IP diagram.
yes, ping working from PC to PC. only from the firewall that I cant ping anywhere. is this a bug in the XG firewall?
Below is how the network is with the XG firewall and the SFM. sorry didn't have Visio installed so got it done on excel.
Only from the firewall that I cant ping anywhere. is this a bug in the XG firewall?
--> No , It is not a bug.
I suggest you to contact Sophos Support.