Hello all,
we are using XG Firewall version 18.5 together with Sophos Connect.We work with terminal servers, the employees connect to the Sophos Connect and then access our RD servers via RDP. Our environment is divided into several farms and servers, a broker assigns this accordingly.When the employees are connected to the Sophos Connect, regardless of whether with IPSec or SSL, there are always irregular disconnections in the RDP session. The message reconnecting is then displayed and an attempt is made to re-establish the RDP connection. After a few seconds the connection is restored. However, these disconnections occur again and again at irregular times.
Do any of you have the same problem or know what could be the reason?
Thanks already and many greetingsAndre
Hello Andre221,Thank you for reaching out to the community, can you please provide us the screenshot of the VPN to LAN rule on Sophos.Also perform a packet capture from the diagnostics during the time of disconnection: https://support.sophos.com/support/s/article/KB-000035761?language=en_USTo see if it causes any violation !!Also perform a tcpdump packet capture and observe until the disconnection occurs: https://support.sophos.com/support/s/article/KB-000037007?language=en_US
Thanks & Regards,_______________________________________________________________
Vivek Jagad | Team Lead, Global Support & Services
Sophos Community | Product Documentation | Sophos Techvids | SMSIf a post solves your question please use the 'Verify Answer' button.
1. This didn't occur while using the "old" open-VPN-Client??
2. try to disable Port 3389 UDP, so RDP has to stay with TCP 3389 -- may be detected as "UDP-Flood"
Dirk
Systema Gesellschaft für angewandte Datentechnik mbH // Sophos Platinum PartnerSophos Solution Partner since 2003 If a post solves your question, click the 'Verify Answer' link at this post.
I have the exact same Problem with a customer but we are using V19 and the new Connect Client 2.2
When I connect with the "old" VPN-Client this also occurs but less frequent.
We do not have any UDP-Flood set up on our Firewall so there should not be a problem with that right?
What can I do to fix this issue?
I would still try to see if disabling 3389 UDP brings any improvement.
Otherwise, you should capture a wireshark-trace and analyze the root cause...
Hi all,
What was the outcome of this issue? I may be facing a similar issue.
Was there ever a reply from Sophos Support to you on this? We are experiencing the same issues with V19, and the new Connect Client, 2.2, and did have this problem using SSL VPN in the past prior to the new connect client (we are now IPSEC).
I have an open ticket with Sophos Support and we are about to do several putty sessions to the firewall and another packet capture (which has alread been done and FTP's once) with no luck. This is becoming a very visible issue in our organization now.
Do you tried to disable UDP 3389 already?
... may help but got no feedback before.
You could try to disable Firewall Acceleration and/or ipsec acceleration. Or update to V19.5 GA.
__________________________________________________________________________________________________________________
Upgraded firmware current, 19.5, Sophos verified this is not UDP flood, disabled firewall acceleration, provided Wireshark captures during disconnects, and a pcap capture on the firewall side that has been provided to Sophos support.
Yesterday, I was asked to (by Sophos Support)
1. Disable Firewall acceleration (again)
2. Run command set vpn conn-remove-tunnel-up disable
Because I have IPSEC tunnels up with another hospital for after hours support, I asked for clarification on what the command actually does. My reply was to try it "after hours" in case there is an impact.
The ticket is now with our account rep.
Thx
The command you are listing above is per default disabled in newer installations. You find more information here: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19.0