Sophos Connect v2.3 and SFOS v20 MR1 - SSL VPN - Delayed disconnection

Question

Hi,

With the noon version of Sophos Connect v2.3 against SFOS v20 MR1, I encountered a bug in the delayed disconnection of SSL VPN server-side (XG Sophos firewall). On the client side the connection is already in a disconnected state, but on the firewall I can still see an active connection. This state lasts about 5 min. I compared this with the behavior with OpenVPN community client v2.6.10 and there the disconnection occurs on the server side a few seconds after the client side.

This thread was automatically locked due to age.

Vishal_R · Accepted Answer

Hi Jaroslav Faldik Thank you for sharing this information, if your existing SSL VPN is configured on UDP protocol then yes there may be a chance it is related to NC-120615. 
 Currently, Sophos connects clients with UDP-based SSL VPN configuration, with no feature there to send the SIGTERM to the server while for TCP-based connection, TCP RESET packets notify the server for the same. 
 If you are using UDP-based SSLVPN RA then the workaround would be to set a TCP-based SSLVPN RA connection, which will immediately disconnect the user from the live user list. In my LAB SSL VPN is set to TCP and that is the reason the issue was not observed for me when I tried to check/re-produced.

Sophos Connect v2.3 and SFOS v20 MR1 - SSL VPN - Delayed disconnection

Top Replies