This discussion has been locked.

Replacement Firewall, new VPN installs do not connect

Hi all,

Sophos sent us a replacement XG 310. I registered the device to a distribution group rather than the single user the old firewall was registered to. 

I have noticed that, since doing that, new SSL VPN installs do not connect. Any thoughts?



  • If you know which changes you made, use Export / Import to export those modules into XML.

    Then restore your old backup.

    Restore the needed / changed modules via XML. 

  • Use the log viewer > Admin log to understand which changes you performed. Of course you do not have all the details, but at least you know the items created, modified, deleted.

    If you have an old backup, you can import the backup configuration on an XG VM, export everything as suggested by Lucar and then compare the XML files with the new exported one.

    Regards

  • Ok thank you. That is certainly an option.

     

    Is it possible to re-register the firewall as it is?

  • FormerMember
    0 FormerMember in reply to tripleview

    Hi tripleview,

    It is possible to re-register the XG firewall, but you have to de-register it first. I would suggest you open a case with customer care to assist you with the process, as it is not possible to de-register the firewall from the GUI. The customer care team should be able to help you with this.

    Send an email to customercare@sophos.com if you decide to de-register and re-register the firewall.

    Thanks,

  • Will registering the XG with the original email address fix my issue? Currently, new VPN installs do not connect but old installations continue to function.

    I could re-generate the appliance cert, but I think I would break the currently-installed client and the client would need to be re-installed for all VPN users.

  • FormerMember
    0 FormerMember in reply to tripleview

    Hi tripleview,

    I would suggest you provide the new and old user certificate details. Please PM me the users' certificate details.

    I think your issue can be resolved by simply re-generating the default certificate of the firewall, and all the old users need a new configuration after you re-generate the default certificate.

    The second option is to re-register the firewall with the email address that was used in the configuration.

    Thanks,

  • Just to provide some closure... I ended up regenerating the SecurityAppliance_SSL_CA certificate authority in System -> Certificates -> Certificate authority.

    After doing that, clients had to log in to the User Portal and download a new configuration. Some had to reinstall the client. All is well now, thank you.