Failed to Load Connection

Hi Brian,

Thank you for reaching out to Sophos Community.

Have you tried to use any how-to videos, documentation, Sophos Assistant, or KBA to try to check the issue?

Kindly try to check the following KB for reference: 

https://docs.sophos.com/nsg/sophos-connect/help/en-us/AboutSophosConnect/Troubleshooting/EventErrors/index.html

You may also try to check the following older post, kindly check the user portal configuration.

 Connect client provision file 

Yes, I have searched hi and low. Including reloading the Profile, reinstalling, etc. The most difficult thing about is that these users/computers can be working fine for months and then just start getting the message. The only thing we have found the fixes is is opening the user portal on the wan or having the user/computer on site hardwired.

Can you verify that it should not be necessary to have to open the user portal on the wan to resolve such an issue? We can close the user portal right after we get the user/computer connected.

Hi Brian,

The provisioning file requires the user portal to be available by the WAN.

Allowing User Portal on the WAN is a pre-requisite for configuration. 

Hi Brian,

The provisioning file requires the user portal to be available by the WAN.

Allowing User Portal on the WAN is a pre-requisite for configuration. 

Ok, sorry, still not sure I am following.

Why would everything be working for all users most of the time but all of a sudden a user will get the error message?

In some cases it seems to be certain users more frequently than others.

Is there something causing a need for reconfiguration?

I believe we keep the portal closed on the WAN for security purposes.

thx

Hi Brian,

That was also the question I've been thinking about. I've checked some cases similar to yours, and allowing the User Portal on the WAN was mandatory.

The only issue was the sudden occurrence. As you've stated, this was working before.

"In some cases it seems to be certain users more frequently than others."

• For the affected user, to verify, are all affected?

I would also recommend you create a case to have this further troubleshoot and share the case ID here.

Well, truth be told. We've actually had this issue for a long time. I believe since we made the decision to not have the user portal open on the WAN. Whick makes sense all things considered.

It has not happened for all users. But for some it has happened multiple times.

We cannot submit a support case as we are serviced by an MSP. Their stance has been that they won't open a case unless they have a user actively experiencing the issue to work with. We have provided that several times, but we normally can't leave a user off of VPN long enough for them to do anything. We are pressing the issue with them as we feel they should be able to get some sort of feedback from support as to what could be involved in the issue. JMHO.

Thanks for all of your help!

Hi Erick Jan,

I found this thread ... and I think it's weird that you mention opening the User Portal is a pre-requisite for configuration, when the firewall itself states that the "Turning on WAN Access for the user portal can expose your firewall to attack."

I this really the only option?

BR,

Alain

Hi Alain,

Thank you for reaching out to Sophos Community.

Kindly check the following KB's with the same queries, which might assist.

 Sophos Connect - Does the User Portal have to be on the WAN interface for it to work? 

Sophos Connect and delivery of configuration via User Portal

 How to Access SophosXGFirewall admin and user portal from WAN ? 

Hello, 

We were able to get a ticket open with Sophos and the end response is below in quotes.

Since this, we have left the Wan user portal open and not had any issues with having a "Failed to Load Connection" error message.

So, I guess this is still an issue that may hopefully be addressed in the future so we only have to have the Wan user portal open for configuration and not always. JMHO.

"Hello Team,

Just wanted to give you an update. I was able to confirm for using the provisioning file the WAN access for user portal needs to be enabled.

I tried making a connection using a pro file to my firewall with User Portal access disabled on  WAN and I got the same error of Failed to load the connection.

Once the User Portal access was enabled for WAN I was able to connect to the VPN fine.

Since this is a prerequisite for keeping the user portal access enabled on WAN while using pro file. I would suggest keeping the access enabled all time and monitor if any issues.

Let me know if you have any questions or concerns on this."

Hi Brian Mowrer Sophos Firewall v20 introduces a new hardened and highly secure containerized self-service VPN portal for remote-access users. It provides remote-access self-service options such as downloads for the Sophos Connect Client, VPN configurations, auto-provisioning, and clientless VPN bookmarks.

So with V20, you may prevent exposing the legacy user portal to the WAN and you may use the new VPN portal over WAN.

Sophos Firewall v20: VPN Enhancements
https://techvids.sophos.com/watch/bgUdBHwMBFLt8KnwgcFr7u

Reference - community.sophos.com/.../sophos-firewall-v20-is-now-available

We have this issue also on all of our firewalls and have to fix around 1-2 users DAILY. Opening VPN portal to WAN side is not a solution when this issue should not happen at all. Seriously fix your product or users move to vendors that do not have multiple issues like this.