IPSec Tunnel modification - tunnel is always disconnected afterwards

XG or XGS with SFOS 19.0.1 is the IPSec Site-to-Site Tunnel initiator. The other side is the responder.

Issue:

Whenever I change the IPSec connection, e.g. add a host or network object or change something in the security settings, the tunnel will terminate and not recover by itself. It becomes "red".

Of course I change it on both sides - first on the XG as initiator so I do not cut off my management connection to the machine, then on the responder.

I need to connect to the remote site over backdoors or Sophos Central and re-activate the tunnel.

Why can't the machine do this itself after the change of the tunnel? It's totally senseless to me that it just fails and then sits in that failed state until an admin manually comes in remotely and clicks on the connect button.

This issue has been known to me since I started managing XG (SFOS 17.5) and is nothing new.

Are there plans to change this?



Edited TAGs
[edited by: emmosophos at 7:41 PM (GMT -8) on 23 Nov 2022]