Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Firewall: v19.0 GA: Feedback and experiences

Parents
  • Had to roll back to 18.x mr3....The SSL VPN for remote appeared to be working; however some users were getting socket timeout errors when attempting to connect through the IPsec tunnel to a server on the other side. After rolling back those users were able to connect just fine. Had tried the new all in one client as well. This is what it was doing:

    SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Program reports Socket Time out

    on 18.x mr3

     SSLVPN IN ---> Out Ipsec Tunnel to Remote Server ---> Connection succeeds

    Has anyone else seen this issue?

    And as stated it does not affect every user and the users that are affected are running the same version of the sophos ssl vpn client as the other users. Like I said I did try Sophos Connect and it did not work. I wish they had not combined them as well; we deploy multiple user config files to the SSLvpn directory; if these are imported to Connect they all look identical and must be manually renamed. I guess lucky for us we can probably eventually just start using the generic openssl client instead of the one from sophos.

  • We had the same problem and found out that only some users are affected - users that have a configuration file generated with 17.x. Check in the VPN configuration if the affected users have the line "comp-lzo yes" and change it to "comp-lzo no". After this change SSL VPN works again. Thanks for the hours of work as this "change" has to be done on all client computers as administrator. It was 6 hours of work for 3 of my staff. Luckily only 15-20% of our clients were affected....

Reply
  • We had the same problem and found out that only some users are affected - users that have a configuration file generated with 17.x. Check in the VPN configuration if the affected users have the line "comp-lzo yes" and change it to "comp-lzo no". After this change SSL VPN works again. Thanks for the hours of work as this "change" has to be done on all client computers as administrator. It was 6 hours of work for 3 of my staff. Luckily only 15-20% of our clients were affected....

Children