Unable to Connect VPN due to SSL CA Certificate Expired

Question

Hello.

We have a client using Sophos Firewall installed in a VM. (Firmware 17.5.12)
They are have expired SSL CA Certificate and when they applied new SSL CA Certificate, it shows error and VPN users unable to connect.
So, now they are using expired certificate no avoid any connection issue for VPN users.

We did upgraded the firmware to 19.5.2 to get support from Sophos Team but more issues arise for our clients.
So, they roll back the firmware to 17.5.12. I have emailed Sophos Support same question as below, but they only replied with this link
https://support.sophos.com/support/s/article/KB-000035279?language=en_US
which did not help us to explain to our client.

Questions as below:
1. On Firmware 19.5.2, they unable to create new VPN user. Can we know the root cause?

2. On Firmware 19.5.2, some existing users have issue with Remote access VPN. Can we know the root cause?

3. On Firmware 17.5.12, user side now using expired SSL CA Certificate and have no issue.
Is there any potential issues arise if users continue to utilize the expired SSL CA Certificate in the future?

4. How long can user utilize the expired SSL CA Certificate without replacing with new certificate?

Thank you.

This thread was automatically locked due to age.

Vivek Jagad · Answer

Hello Help Desk IT-ops , Thank you for reaching out to the community, in the v19 there are couple of changes and once you move to v19 ensure the see the following sections mentioned in the docs below: > Update the default CA . > Sophos Firewall: SSL VPN "IPv4 lease range" changes OR global settings update gives error "You must enter a network IP address." in SFOS v19 . > Sophos Firewall: When will SSL VPN users need to re-download the configuration . > End-of-Life for Sophos SSL VPN Client .