Hello dear community friends! Next, I created VPN tunnels using SD-WAN routes between the DataCenter and the Branch, as shown in the image below. Both firewalls are version 19.5.0 GA-Build197.
Note: They are currently disabled, as I returned to the IPsec site-to-site VPN due to the impact on operations.
BRANCH:
These procedures are also applied in the DataCenter firewall.
The issue is that the branch manages to connect to the datacenter servers, but the connection drops as if the VPN had stopped. I left a ping running from a branch machine to the server, but it doesn't lose packets when the connection to the server drops. Here is the screenshot below:
I checked the conntrack command via the CLI to see the session of that connection, and the moment the connection with the server is lost, the session that was open is also lost. Here's the screenshot:
Is the problem with the server connection dropping due to this? I would like your help to try to get around this situation.
Another observation: when the VPN is site-to-site, this problem does not occur.
I thank everyone!
Hi Igor Alves do Nascimento
To troubleshoot the issue, please try disabling the IPsec acceleration from the console (with option >4) of the Sophos Firewall.
console> system ipsec-acceleration show
console> system ipsec-acceleration disable
Also, it would be great if you share the VPN Policy applied on each side of Sophos Firewall and share the model number.
Thanks and Regards
"Sophos Partner: Infrassist Technologies Pvt Ltd".
If a post solves your question please use the 'Verify Answer' button.
Hello Bharat, thanks for the assistance
I did the procedure, but as you can see in the screenshot, the IPsec interference is not available for the branch firewall model, which is an XG210 (SFOS 19.5.0 GA-Build197). The Datacenter firewall is a virtual SFVH (SFOS 19.5.0.0 GA-Build197) and is also not compatible:
Here are the applied policies:
Branch
DataCenter:
Please refer to Sophos Firewall: IPsec troubleshooting and most common errors
https://support.sophos.com/support/s/article/KB-000038566?language=en_US
Hello Igor,
I think I have a similar problem, which I am working on with Sophos support. To see if you have the same problem, can you try the IPsec tunnel and, instead of SD-WAN routes, use a static route on both XG firewalls?
Can you check if it makes the RDP connection stable?
Hi Blao,
I will run this test.
Have you had any progress in resolving the issue with Sophos support?
Did you disable the firewall acceleration as well?
__________________________________________________________________________________________________________________
Hi, IPsec acceleration is not available for the XG series, which is the model I have here.
Execute the below commands for a test:
system firewall-acceleration show
system firewall-acceleration disable
Regards
Here is the command:
If the issue remains after you disable the firewall acceleration, I suspect the issue is that the remote network is having trouble supporting a large MSS value.
Follow the below link for the same:
https://support.sophos.com/support/s/article/KB-000038555?language=en_US