
Sophos Connect not working for an off-site partner

We are a Sophos XG 750 customer; we utilize Sophos Connect as our VPN for off-site connections. We have a partner who is trying to connect using the client, and they are getting an error. Everything seems to be the same, except they are a business and we are unsure what their outbound firewall blocking policies are. The error they get is something akin to "Policy mismatch error". They opened up port 8443, so we are told. Anyone have any advice on what the issue could be?

Some of the errors from the log file state:

2023-11-07 16:29:18 Server poll timeout, restarting
2023-11-07 16:35:40 TLS Error: TLS key negotiation failed to occur within 60 seconds
2023-11-07 16:35:40 TLS Error: TLS handshake failed

  • Turns out that UDP port 8443 was indeed opened up, but that specific partner was blocking the majority of outbound traffic. They only opened it up for one of our interfaces on the XG, but for some reason the XG was switching the Connect client over to the one higher in the list. Not sure why, but after opening that IP in their firewall everything worked great. So, as mentioned by those below, definitely a port issue on their end. Recommend, if you run into this, that you check if you have more than one WAN, and relay that information even if you are pointing the VPN to a totally separate WAN interface. Thanks everyone!
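As an added example (not code from this thread or from Sophos), the script below lists every gateway endpoint an OpenVPN-style client profile can fall back to, so a partner's outbound allowlist can be checked against all of them before the handshake timeouts quoted above appear. It assumes the SSL VPN profile imported into Sophos Connect uses OpenVPN directives with one remote line per WAN interface; the profile text and addresses are constructed.

```python
"""List every gateway endpoint an OpenVPN-style VPN profile may try.

Assumption (not confirmed by the thread): the SSL VPN profile that Sophos
Connect imports is an OpenVPN client config with one ``remote`` line per
WAN interface. The client walks that list in order (or at random when
``remote-random`` is set), so an outbound firewall that permits only the
first address produces exactly the TLS handshake timeouts seen above.
"""
import shlex

# Constructed sample profile (documentation addresses, not a real export).
SAMPLE_PROFILE = """\
client
dev tun
proto udp
port 8443
remote 198.51.100.10
remote 203.0.113.20 8443 udp
remote-random
"""


def vpn_endpoints(profile_text):
    """Return [(host, port, proto), ...] in the order listed in the profile.

    OpenVPN semantics applied: global ``port``/``proto`` directives supply
    defaults (1194/udp when absent) for any ``remote`` line that omits them.
    """
    default_port, default_proto = 1194, "udp"
    remotes = []
    for raw in profile_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", ";")):   # OpenVPN comment lines
            continue
        key, *args = shlex.split(line)
        if key == "port" and args:
            default_port = int(args[0])
        elif key == "proto" and args:
            default_proto = args[0].rstrip("46")       # udp4/udp6 -> udp
        elif key == "remote" and args:
            port = int(args[1]) if len(args) > 1 else None
            proto = args[2].rstrip("46") if len(args) > 2 else None
            remotes.append((args[0], port, proto))
    # Defaults are resolved after parsing, as OpenVPN does, so directive order
    # does not matter.
    return [(h, p or default_port, pr or default_proto) for h, p, pr in remotes]


def missing_allowances(endpoints, allowed):
    """Endpoints the partner's outbound allowlist (set of tuples) lacks."""
    return [e for e in endpoints if e not in allowed]


if __name__ == "__main__":
    eps = vpn_endpoints(SAMPLE_PROFILE)
    print("gateways the client may use:", eps)
    print("not yet allowed:", missing_allowances(eps, {eps[0]}))
```

Run it against the exported profile and compare the output with what the partner actually opened; every listed host/port/protocol must be permitted outbound, not only the WAN the profile was intended for.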