

Sophos Connect v2.3 and SFOS v20 MR1 - SSL VPN - Delayed disconnection

Hi,

With the noon version of Sophos Connect v2.3 against SFOS v20 MR1, I encountered a bug in the delayed disconnection of SSL VPN server-side (XG Sophos firewall). On the client side the connection is already in a disconnected state, but on the firewall I can still see an active connection. This state lasts about 5 min. I compared this with the behavior with OpenVPN community client v2.6.10 and there the disconnection occurs on the server side a few seconds after the client side.



This thread was automatically locked due to age.
  • Hi, Thank you for reaching out to the Sophos community team. I have tried to check a similar kind of reproduction with SF OS and Connect client version details mentioned by you but unfortunately, the issue is not getting reproduced for me in my setup.

    i.e. If I click on "Disconnect" on the Sophos Connect client side, the same user is removed from live users immediately. 

    If the client is disconnected due to "Dead peer detection" then the firewall will close the connection after 180 seconds (3 min - default time) with an unresponsive client or whatever time has been set by the admin in SSL VPN global settings.



    For more info: Sophos Firewall: Understanding the Idle timeout and the dead peer detection for remote access SSL VPN
    support.sophos.com/.../KB-000038126

    Regards,

    Vishal Ranpariya
    Technical Account Manager | Sophos Technical Support


  • Hi 

    Thanks for the response. That's strange that it can't be reproduced, because I've had it behave that way on three PCs for two users so far. Maybe I can enable the SSL VPN debug mode and send you the output from it.  
