Sophos UTM: Decommissioning of obsolete URL categorization services CFFS. Click here for important info.

SSL/TLS inspection | bridge mode | multiple local subnets | SSL connections time out

Dear community,

i think we are suffering the same problem mark57165 described in his post 'IPS Service - with no FW rules - Prevents Certain Sites from Loading'.

Our Situation:

SOPHOS XG / XGS Firewall

in Bridge Mode

no firewall rule / no SSL/TLS inspection rule for the problem connections

multiple IPv4 Subnets on the LAN side

SSL/TLS connections from one local subnet to another local subnet time out

Unsatisfying workarounds:
- disable SSL/TLS inspection completely
- stop IPS Service
- add bypass-stateful-firewall-config rules for the local subnets

Is someone facing the same problem?

Did someone find a solution?

Regards, Nicolai

Added V19.5 MR3 TAG
[edited by: Erick Jan at 9:20 AM (GMT -7) on 1 Sep 2023]
Parents Reply Children
  • Hi Raphael,

    yes, in a nice configured scenario 192.168.1.x and 2.x would be seperated by VLAN. In our tests we tested both with no difference. The problem occors if 192.168.1.x and 2.x are one the same (V)LAN and it also occors if they are separted on different VLANs.

    The router handles the routing.

    The default gateway is for both the router:

    For 192.168.1.x it is
    For 192.168.2.x it is

    I added this to the diagram:

    No, the configuration never worked without workarounds.

    The workarround, that was in use, was to add bypass-stateful-firewall-config rules for the local subnets.

    Regards, Nicolai