Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Adding
[bearbeitet von: LuCar Toni um 10:50 AM (GMT -7) am 16 May 2024]
Parents
  • Updated my home-appliance from v20.0 GA - after the update i can't establish either a IPsec nor SSL-VPN connection with duo-push. Password is accepted and duo will trigger a push and after acception of the push, with the following error:

    2024-05-15 10:22:56AM [2528] inf Starting Sophos Sophos Connect version 2.2.90.1104
    2024-05-15 10:22:56AM [2528] dbg Initializing protected storage
    2024-05-15 10:22:56AM [2528] inf Logged on user is *USER*
    2024-05-15 10:22:56AM [2528] dbg Starting the auto-importer
    2024-05-15 10:22:56AM [2528] inf Initializing strongSwan
    2024-05-15 10:23:01AM [2528] dbg strongSwan version 5.9.5 has been started
    2024-05-15 10:23:01AM [2528] inf Initializing open vpn service
    2024-05-15 10:23:04AM [2528] dbg Starting the communications module
    2024-05-15 10:23:04AM [2528] dbg Starting HTTP server on 127.0.0.1:60110
    2024-05-15 10:23:04AM [2528] inf Sophos Connect started
    2024-05-15 10:23:09AM [21524] dbg Sending telemetry data to sftelemetry.sophos.com:443
    2024-05-15 10:23:12AM [23992] dbg *TARGET* VPN state changed to connecting
    2024-05-15 10:23:12AM [23992] dbg Starting tunnel (connecting)
    2024-05-15 10:23:12AM [23992] inf Remote added to list: *TARGET* 9443
    2024-05-15 10:23:12AM [23992] inf Remote added to list: *TARGET* 9443 tcp-client
    2024-05-15 10:23:12AM [23992] inf Remote added to list: *IP-NET-1* 9443 tcp-client
    2024-05-15 10:23:12AM [23992] inf Remote added to list: *IP-NET-2* 9443 tcp-client
    2024-05-15 10:23:15AM [23992] dbg Tunnel initiated to *TARGET* 9443
    2024-05-15 10:23:17AM [18508] dbg *TARGET* user authentication failed - clearing any stored credentials
    2024-05-15 10:23:17AM [18508] dbg *TARGET* VPN state changed to disconnected
    2024-05-15 10:23:17AM [18508] dbg Sending notification: User authentication failed. Please try again
    2024-05-15 10:23:17AM [23992] dbg Tunnel is stopped
    2024-05-15 10:23:17AM [18508] dbg received exiting event
    2024-05-15 10:23:22AM [7964] dbg Handling request for file type 2
    2024-05-15 10:23:22AM [7964] dbg Sending file 'openvpn.log' from 'C:\Program Files (x86)\Sophos\Connect\openvpn.log'

    Will troubleshoot when i get home

    EDIT: log is from scvpn.log

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

  • Hi  , would it be possible to DM () your SFOS access id so that we can take a look at your setup? Please share the /log/access_server.log; are you using .pro file with SCC to have sslvpn/ipsec vpn with SFOS or using .scx file?

  • Hi  ,

    DMed you the access ID and the log. I was using a .scx file - I exported a new config after the update and also updated SCC to 2.3, issue still exist.

    With the .pro file SCC can't fetch the vpn portal - VPN Portal service is enabled on WAN in ACL.

    _______________________________________________________

    Sophos SG 210 with Sophos XG Home - 20.0 MR 1

    If a post solves your question please use the 'Verify Answer' button.

Reply Children