Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos Firewall: v20.0 MR1: Feedback and experiences

Release Post:  Sophos Firewall OS v20 MR1 is Now Available 

The old V20.0 GA Post:  Sophos Firewall: v20.0 GA: Feedback and experiences  

To make the tracking of issues / feedback easier: Please post a potential Sophos Support Case ID within your initial post, so we can track your feedback/issue. 

Release Notes:  https://docs.sophos.com/releasenotes/output/en-us/nsg/sf_200_rn.html 

Important Note on EOL Sophos RED Support:

The legacy EOL RED 15, RED 15w, and RED 50 are not supported in v20 MR1. Customers using these devices should upgrade to SD-RED or a smaller XGS appliance before upgrading to MR1 to maintain connectivity. See the following article for details: Sophos RED: End-of-life of RED 15/15(w) and RED 50



Prio Change
[bearbeitet von: LuCar Toni um 4:40 PM (GMT -7) am 23 Sep 2024]
Parents
  • After upgrading to this version, some SSL VPN users are experiencing problems with exceeding the maximum number of simultaneous connections. Globally I have 3 simultaneous connections enabled, but some clients are not connecting and the log says "User "xxx" failed to login to SSLVPN through Local authentication mechanism because of max login limit reached". However, just increase the global to 4 and they will connect.

  • Do you use the Provisioning file? Could the client maybe using multiple logins? 

    __________________________________________________________________________________________________________________

  • No, users use an individual .opvn configuration file downloaded from the VPN portal. They use the latest community version of OpenVPN 2.6.10 for Windows (OpenVPN-2.6.10-I002(or3)-amd64.msi) as the SSL VPN client. What do you mean about using multiples login?

  • Thanks for sharing access id over DM.  From the logs, I could see that some of the users (6 in number) had some problems connecting initially. Can you share how did you resolve the problem for them ? Did they download a new ovpn file or used a different sslvpn client, for example ? Those initial problems caused some stale entries in table due to which you are seeing the problem now.

    To take one example, the connection problems I am referring to occurred on May 23rd for the user "j***s**v.s*m*k" (hiding the complete name, that you would know).

    The immediate remedy for your problem is to delete those stale entries from the table while we investigate why it happened in the first place.

  • Hi Nikhil,

    I still can't send you a PM...

    Yes, these users had outdated OpenVPN clients (for example 2.3.12) before upgrading to this version of SFOS. After the upgrade their connection stopped working. They were advised to upgrade to the latest version of Sophos connect or OpenVPN community client and download the new configuration file. But even after this client and configuration upgrade they did not connect. It wasn't until I set up an unlimited number of simultaneous VPN connections on these clients that the connection worked. Subsequently, by trial and error, I arrived at a value of min. 4 simultaneous connections.

    In case of further occurrences, I just need information on how to delete the entries.

  • Yes, the older clients do not work with the latest server.

    The stale entries caused due to those problems will not be added anymore, so the number 4 that you have arrived at will hold. But if you want to keep your configuration unchanged, you can delete all those stale entries. As for the commands to delete those entries, I will send it over PM.

Reply Children