Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Version 19.0.0GA Breaking IPSEC VPN's

We have 20+ Xg and XGS's deployed. We started pushing out the mentioned version updating from 18.5.3 MR-3 Build 408. The first 2 devices we updated had all kinds of VPN issues. Users could connect but the connection speed was garbage (less than 1mbps down). Was on the phone with support for over an hour. Finally they came back and said "after conferring with his colleagues there are issues with Version 19 we recommend you rollback". We did this and all the VPN issues were resolved.

FRUSTRATING to say the least. I have reached out to our Sophos Rep regarding this and updates moving forward but so far "Crickets"



This thread was automatically locked due to age.
Parents
  • We had a similar issue this week (we're currently on 19 MR1 / 19 GA) - out of nothing some print-jobs stopped getting processed or being delayed for minutes (Terminalserver, printing in BranchOffice through IPSec Site2Site).
    Took way too much time troubleshooting including replacement of affected printer, etc. Remotedesktop, Mail, Ping - everything fine all time. Nothing that points to an IPsec/Firewall related problem.

    In the end disabling firewall- and ipsec-acceleration on both ends "solved" this for now.

    ...but how to get the right time to re-enable DPI, SSL, FW-Acceleration, IPSec-Acceleration... which might cause multiple branches having downtimes and problems again...

    Everytime having a problem in future, that might relate to network/firewall, would guide me to disable nearly anything on SFOS first.
    Not good for Security, not good for Downtimes, not good for Sophos reputation, not good for end-customer satisfaction...

    This is not what to expect from enterprise firewall / utm or how to handle troubleshooting.

  • Just to be sure: Acceleration is not a security feature, instead a performance feature. 

    __________________________________________________________________________________________________________________

Reply Children
No Data