Sophos UTM: Decommissioning of obsolete URL categorization services CFFS.Click here for important info.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Site-toSite VPN cannot access XG on remote site using normal 4444 port.

I have set up a iPsec VPN between 2 sites (Site A 192.168.99.x, Site B 192.168.1.x)

The VPN works fine and I can access servers on SITE B from SITE A via RDP connections using local IP's

However If I try to access the XG device at SITE B ( from SITE A it will not connect. - I have also found other connections on SITE B are also not found including the Sophos Firewall Manger device (hardware). I can ping these device with no problem from SITE A -> SITE B - very strange ?


Running ( XG210 (SFOS 17.1.1 MR-1) )

This thread was automatically locked due to age.
Parents Reply Children
  • Maybe i can provide some kind of Workaround.


    Let me paint the picuture.


    Client with Browser - Router - Ipsec Tunnel - XG - Webadmin Interface(



    On The Router (SG / XG / Whatever), i apply following iptables command. 

    iptables -t mangle -I POSTROUTING -d -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 900


  • Hi,


    It's seems to work when I apply a 900 MSS on the LAN Interface.


    So now, what's the impact on the trafic or anything else if I let this like that ?