Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Version 19.0.0GA Breaking IPSEC VPN's

We have 20+ Xg and XGS's deployed. We started pushing out the mentioned version updating from 18.5.3 MR-3 Build 408. The first 2 devices we updated had all kinds of VPN issues. Users could connect but the connection speed was garbage (less than 1mbps down). Was on the phone with support for over an hour. Finally they came back and said "after conferring with his colleagues there are issues with Version 19 we recommend you rollback". We did this and all the VPN issues were resolved.

FRUSTRATING to say the least. I have reached out to our Sophos Rep regarding this and updates moving forward but so far "Crickets"



This thread was automatically locked due to age.
Parents
  • Hi,

    we faced a similar issue on XG450. After disabling IPSEC acceleration, this seems to have solved at least the drop issues, but the general avg load increased, maybe it even doubled...

    Slow interaction/updates from support. Even if we had recurring interruptions and this would have been an high incident, this was set to medium by the technician. Ok, it´s much more easy for support to comply with their support schedule.

    Pretty dissappointing.

  • Hi Seroal,

    By default IPsec acceleration is disabled on all appliances except XGS. 

    XG135w_XN03_SFOS 19.0.0 GA-Build317#

    console> system ipsec-acceleration show
    IPsec acceleration isn't available on XG Series hardware, virtual, software, and cloud devices.

    console> system ipsec-acceleration enable
    IPsec acceleration isn't available on XG Series hardware, virtual, software, and cloud devices.

    console> system ipsec-acceleration disable
    IPsec acceleration isn't available on XG Series hardware, virtual, software, and cloud devices.

    can you try running this command on your XG450 and see anything different?  

  • Yes, you are right, of course we weren´t able to disable it, because it is not supported on XG. But support advised us to disable  firewall-acceleration aswell. This was the only change, we did...

Reply Children