Hi all,
Shall we start this new thread with the looks and feels of XG v18 MR-3?
community.sophos.com/.../xg-firewall-v18-mr3
Hi,
Please check the IPS report in the GUI. Is the throughput reduction only on one application or all internet access?
Ian
XG115W - v20.0.3 MR-3 - Home
XG on VM 8 - v21 GA
If a post solves your question please use the 'Verify Answer' button.
Hello Argo,
the lifetime of Phase I and Phase II keys cannot be the same. The key life for Phase I is recommended to be at least twice as long as for Phase II.
Personally, I use a lifetime of 7800 seconds for Phase I and 3600 seconds for Phase II. It is important that the lifetime for Phase II is not an integer multiple of the lifetime for Phase I. In this case, the multiple is 2.166666666666667.
Try these times and I think the IPsec tunnel will be stable and functional.
The setting for Dead Peer Detection has no effect on the stability of the IPsec tunnel in this case.
Regards
alda
I will try this, although would the disconnect happen after 8 hours or the time on the DPD?
XG & UTM Architect (Systems: XG v18 & UTM 9.7 - Virtual, HW & SW)
Curious enough to take it apart, skilled enough to put it back together, Clever enough to hide the extra parts when I'm Done!
Hi Argo
Most of your settings are the same as mine, with the exception of some of the timeout values.
The main difference I can see is in your IPSec policy - Dead Peer Detection. If I understand correctly, with no traffic, this will cause your VPN to disconnect. Maybe try disabling and see if that resolves your problem.
BTW, I feel your pain with Sophos Support - I can't get Radius authentication to work across my VPNs since replacing a Sonicwall with an XG. Response from support has been appalling!