Appliance Certificate

Does regenerating the Appliance Certificate affect any other access besides SSL VPN? This is my issue: we recently had our XG210 replaced and rebuilt the new unit with a backup. Prior to the firewall failure, SSL VPN has been my go-to setup for staff who travel to China; it seems to be the only working setup through their firewall. Anyway, I have a staff person in China at the moment, and although they can actually connect using Sophos Connect and an SSL profile, they are unable to access network resources. I have actually tested in North America and this does appear to be the case. Nothing has changed but the unit itself, and the certificate reflects the previous unit. Since the Appliance Certificate has the serial number of the previous one, would this conflict be causing the issue? Thank you



  • Hi,

    Thank you for reaching out to Sophos Community.

    Can we inquire about what firmware version/SCC version you’re using?

    Regenerating the Appliance Certificate should not affect other services beyond SSL VPN and WebAdmin.

    Verify that the SSL VPN configuration on the new unit reflects the correct certificate information and that firewall rules are correctly configured to allow VPN traffic to reach internal resources.

    For additional reference, you may see the following RR

    Erick Jan
    Community Support Engineer | Sophos Technical Support

  • Thank you, the ApplianceCertificate currently lists the previous unit's serial number. As mentioned, the SSL VPN clients have been using the system since 2017. Although I moved 99% of users to IPSec, SSL VPN is the only configuration that will get through China's Great Firewall. So this is a new issue since the replacement at the end of April 2024. We have had no users require an SSL connection till last week, so this is the first test. Version 19.0.3, previous unit was 18.5.
