I can't make sense of this issue, any help / ideas would be much appreciated because I feel like I'm taking crazy pills <insert Mugatu>
I have the following setup:
XGS 2100 Site 1 (Latest Firmware)
SG 115 Site 2
The sites are connected via IPSEC and I have servers at both sites and I can transfer files and ping with no issues.
A RED 60 at the user's home is connected to the XGS. It can ping and browse / transfer files at site 1 and 2. If the user pings anything at site 2, the RED drops and loses connection completely; I can see this in the VPN logs as the RED disconnecting and reconnecting.
TLDR: Ping / ICMP traffic to the remote subnet causes the RED to reboot, but browsing and file transfer work fine?!
The only thing I can think of is that the ISP has provided a /31 address.
Does anyone have an XGS with a /31 connection and is also using REDs?
There was an old issue which sounds like this problem, which is odd, as I expect it to be fixed.
Try to disable the firewall-acceleration via CLI.
Console: https://docs.sophos.com/nsg/sophos-firewall/18.5/Help/en-us/webhelp/onlinehelp/CommandLineHelp/DeviceConsole/SystemCommands/index.html
Also, check the issue with the below commands:
console> system ipsec-acceleration show
console> system ipsec-acceleration disable
Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Thanks for your time Lucar and Bharat. Disabling ipsec-acceleration has fixed the problem. Is this a bug Sophos need to look into?
Hi Craig O'Hanlon
All bugs and issues are fixed on the latest firmware version as per the below link:
https://community.sophos.com/sophos-xg-firewall/b/blog/posts/sophos-firewall-v19-mr1-re_2d00_release-build-365-is-now-available
Hmm, I'm running SFOS 19.0.1 MR-1-Build365.
Is the SG 115 at Site 2 a Sophos UTM?
Yes, that's on 9.711-5.
How long has the RED 60 tunnel been working?
To find the root cause of the issue, troubleshooting is required by debugging the logs with the Sophos Support Team:
red.log, syslog.log, networkd.log
Might the RED require an RMA, as per the logs observed?
Thanks and Regards
This setup is new and the hardware RED 60 is new, I replicated the issue with another new RED 60 so I don't think it's the RED hardware.
I was wondering if anyone has a firewall with a /31 subnet and connected REDs successfully? (I have another site with an XGS firewall and REDs on a /29 subnet with no issues.) I'll have a look through the logs above and see what I can find.
Please share the current firmware version running on the Sophos XG under System --> Administration --> Backup and Firmware --> Firmware.