Hey folks,
I am currently implementing a new Sophos XGS at a customer's site and have some strange effects while using the IPSec VPN through Sophos Connect (have not tested any other).
When browsing the web, some sites are not accessible (no loading and a connection error after some time). While viewing some dumps I came across the fact that the firewall sends out ICMP fragmentation messages to the webserver, as the response packets were too large.
So far so good, but now comes the tricky part. The IPSec interface of the Sophos Connect client has an MTU of 1400 set (default), so each client connection sends out an MSS of 1360. Everything normal until now! The ipsec0 interface of the Sophos XGS has an MTU of 1387 set, which makes no sense to me and might be the cause of the fragmentation messages, as they were sent by the firewall, not my client.
Can someone explain this to me? Is this a bug, or what am I not getting here?
Thanks
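A small model of the MTU/MSS arithmetic from the question above, added here as an example and not part of the original post. The values 1400 and 1387 are taken from the thread; the ICMP header bytes are constructed, and the function names are my own.

```python
import struct
from typing import Optional

IP_HDR = 20   # IPv4 header without options
TCP_HDR = 20  # TCP header without options
ICMP_FRAG_NEEDED = (3, 4)  # type 3 (unreachable), code 4 (fragmentation needed, DF set)


def mss_for_mtu(mtu: int) -> int:
    """MSS a host advertises for a given interface MTU (IPv4, no options)."""
    return mtu - IP_HDR - TCP_HDR


def full_segment_size(mss: int) -> int:
    """On-the-wire IPv4 packet size of a full-sized TCP segment at this MSS."""
    return mss + IP_HDR + TCP_HDR


def check_path(client_mtu: int, tunnel_mtu: int) -> dict:
    """Model the thread: the client derives its MSS from its own tunnel MTU,
    but the firewall's ipsec0 interface has a smaller MTU, so full-sized
    DF-marked replies cannot be forwarded without an ICMP 'frag needed'."""
    mss = mss_for_mtu(client_mtu)
    pkt = full_segment_size(mss)
    return {
        "advertised_mss": mss,
        "full_packet": pkt,
        "needs_fragmentation": pkt > tunnel_mtu,
        "clamp_mss_to": mss_for_mtu(tunnel_mtu),  # MSS that fits the smaller MTU
    }


def parse_frag_needed(icmp: bytes) -> Optional[int]:
    """Return the next-hop MTU carried in an ICMP 'fragmentation needed'
    header (RFC 1191 layout), or None if the bytes are not such a message."""
    if len(icmp) < 8:
        return None
    icmp_type, code, _csum, _unused, next_hop_mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != ICMP_FRAG_NEEDED:
        return None
    return next_hop_mtu


# Constructed ICMP header as a firewall would emit it for a 1400-byte DF packet
# hitting a 1387-byte interface (checksum left zero, quoted payload omitted).
SAMPLE_ICMP = struct.pack("!BBHHH", 3, 4, 0, 0, 1387)

if __name__ == "__main__":
    print(check_path(client_mtu=1400, tunnel_mtu=1387))
    print("next-hop MTU in ICMP:", parse_frag_needed(SAMPLE_ICMP))
```

The output shows that a client sending MSS 1360 produces 1400-byte packets, which exceed the 1387-byte ipsec0 MTU, and that an MSS clamp of 1347 on the firewall side would avoid the ICMP messages.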
Could you try to disable firewall acceleration and/or IPsec acceleration first? See: community.sophos.com/.../troubleshoot-a-broken-application-in-sfos
Hi LuCar Toni, is there a way to just disable IPsec acceleration without the FastPath for SSL/TLS inspection?
FastPath is not SSL/TLS inspection. Actually it is not used to do it yet. So the FastPath is only a performance feature. You can deactivate it temporarily to see if this fixes the issue. Then you can see if you are affected by the current issue with IPsec + FastPath, which is under investigation.
Oh, there is a current issue. Can you tell me the NC number and if this affects only specific firmware versions? Is this issue planned to be fixed in v19 MR1? I thought SSL/TLS inspection will also be sped up by the FastPath. Also let me know if you need any information for your investigation.
I do not have an NC number. You should try the commands first to see if this helps or not.
Will do, but this takes some time, as we have a live environment here :)
Also I'd like some more information about this issue, if you could give it to me. I did not find any entries for that in the known issues or the forum.
Disabled, and now it works.