Hello, we are using Sophos XG virtual firewall to connect VPN; it was working fine until a few days ago. Now on connecting we are observing an error which states "Policy mismatch error. Import a new policy for this connection." Please note that the applied certificate was expired but it has been replaced with a new one; we are still observing this error.
Hello,
Thank you for contacting Sophos Community!
Kindly review below:
Mayur Makvana
Technical Account Manager | Global Customer Experience
Sophos Support Videos | Knowledge Base | @SophosSupport | Sign up for SMS Alerts |
If a post solves your question please use the 'Verify Answer' button.
Thanks Mayur Makvana, we already tried to download a new ovpn file as suggested in the article but it is still the same :(
Hello,
I suggest raising a support case to investigate it further.
Mayur Makvana
Technical Account Manager | Global Customer Experience
Hi Muhammad,
Have you read the notes from the troubleshooting guide? You may also try to recreate the tunnel.
Erick Jan
Community Support Engineer | Sophos Technical Support
I think that this message is misleading. If you look closer at the openvpn.log, you see that the tunnel packets can't be decrypted and the connection fails. I have found out that in our case this happens in Kerberos implementations AD. Linux, Mac and Windows computers that are not domain members have no problem at all. It does not matter if there is an XG or a UTM working as the OpenVPN server. Not every Windows AD PC has this problem. We see it very often with SMB copies. After or during the copy the connection fails. We always find this message:
This is John A V from Sophos.
I am leading the development of Sophos Connect Client.
Kindly verify my profile for Sophos tags.
Could you please unicast the "Access ID" so that we can look at the configuration of your firewall?
Thanks
John
Thank you everyone for your support, the issue was resolved as there was some certificate issue which was resolved by our IT guy.
This is great news, Muhammad Jahanzaib.
May I know what was wrong in the newly generated certificate?
What was done in the certificate to make it work?
Hi John,
this is a misunderstanding. We are another company which has the same problem as Muhammad. You think the TLS cert is the problem? If a new one were generated, do the users need a new config file? We have about 150 users, internal and external. This would be a big problem.
Nothing was wrong in the certificate itself. The issue was that we have to place the certificate in 2 places.
1. System --> Administration --> Admin and User Settings --> Admin console and User end Interaction --> Certificate
2. Configure --> Remote Access VPN --> SSL VPN --> SSL VPN Settings --> SSL Server Certificate