Sophos Firewall v18 AWS site-to-site VPN connected but no traffic PING SSH

Well, I have followed this step-by-step, exactly:

https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/125560/sophos-xg-firewall-v18-to-aws-vpn-gateway-ipsec-connection

...and while the VPN shows "UP" in both AWS and my Sophos VPN section, I cannot PING or SSH to my test EC2 instance. In the bottom screenshot you'll see I have PING and SSH allowed from anywhere (0.0.0.0/0). I've been at it for hours, first because I mistakenly followed the v17 how-to. Even with the v17 how-to, my VPN said it was up in AWS and in the Sophos VPN section. Then I found v18 and thought for sure I would have success. No such luck.

At one point I got stuck at the part where I couldn't find my "xfrm" interface until I realized that little vertical blue line meant I could expand my WAN interface, thanks to THIS ARTICLE. Again, I thought for sure I would have success. No such luck again, and now I'm at a loss.

The only difference I've noticed between my setup and the setup in the link above is that in Step 9 and Step 10 I have "xfrm1", not "xfrm2".

Anyone know where I should start with troubleshooting?



[edited by: emmosophos at 11:48 PM (GMT -7) on 26 Aug 2021]

  • I suppose I am ready to pay for support to find out why my setup isn't working after following the how-tos verbatim. Would I just go to www.sophos.com/.../support.aspx and click the CHAT WITH US link and go from there, or does anyone know if there's a different avenue to get support for evaluations? I just went through the setup for I think the 5th or 6th time, and while the tunnel says "UP" on the Sophos and AWS, I'm still unable to pass any traffic, so I'm white-flag'n it and will just pay to find out what I'm missing.

  • Hello,

    I could send you screenshots of my configuration via PM if you would like; then you can compare them with yours. I don't believe the issue is with the XG but rather on the AWS side, since we can see the pings leaving the tunnel (I would double-check this again with all the changes). Sophos would only troubleshoot the XG side, so I would check with AWS for them to double-confirm your configuration for the VPC.

    I forgot to ask what type of EC2 you are deploying.

    Do let me know if you want me to share my configuration.

    Support for evaluations is only provided by the community.

    Regards


    Emmanuel (EmmoSophos)
    Community Support Engineer | Sophos Technical Support
  • Hi, if you don't mind I would greatly appreciate the screenshots. My trial is about to end on the Sophos and we're trying to get the production firewall in place by the end of the week, and I've been stuck on this one thing for weeks.
