  • Sophos XG Firewall - IPSEC VPN MFA ISSUE with OTP PIN

    Hi, I have XG125 (SFOS 19.5.1 MR-1-Build278) and IPSEC Remote Access for the users with internal OTP MFA. Remote users started to report disconnecting the VPN during the day, BUT also the need for MFA PIN to be entered multiple times a day. For example…
  • IPSec (Using NAT) add multiple local network

    Hello, We have created the IPSec tunnel (uses NAT) to application provider dc. Internal network is translated to NAT IP (provided by application provider). Tunnel is working. Now, we have to add SSL vpn remote access network to that IPSec tunnel…
  • VPN Ipsec Site-to-site

    Hi. I have a site-to-site IPsec tunnel with my branch, the tunnel is connected to both parts, I have two rules created, Inbound and Outbound rule, the inbound rule works perfectly, all clients on the branch network can connect to my servers, but the…
  • Read IPSec Connection Status via API

    Hello, I was able to Active/DeActive an IPSec Connection via API (See the following thread) Activate and deactivate IPsec connection via CLI What I am not able to do is to read the actual status of the IPSec Connection. I was able to read out the…
  • WAF for Web-Server behind IPsec-Connection

    Hello, I have the problem with an XGS 107 (19.5.2-B624) that a web server (10.203.111.101), which is located behind an IPsec connection, is not reachable via the WAF. When accessing the web server via the Internet, I get the code 503. However, the problem…
  • Devices behind RED20 can not Access Server within Site 2 Site VPN connected by XG

    Hi friends, today I'm facing a fancy issue with one of our smaller customers. We try to connect to an RDP-Server within a Site2Site VPN. From XG LAN we are able to connect to the RDP-Server with any client within the LAN-Zone. Now we need to get…
  • Sophos Firewall Authentication to server in Azure across VPN Tunnel

    I recently worked through a problem where an on premise firewall was unable to authenticate Remote Access VPN users with Active Directory as the server is hosted in Azure through a VPN (Active Directory is used instead of AAD as it's less expensive to…
  • Sophos v19 Site To Site VPN Multiple Wan Routing Problem

    Hello everyone, After migrating to version 19, we wanted to remove the migrated rules and rewrite the all configuration. However, we ran into some problems with the reconfiguration. We have 2 WAN internet interface and do not do load balancing or…
  • IPSec tunnel with Cisco Peer

    Hello guys, what is your suggestion to establish an IPSec tunnel with a Cisco router that is configured: Phase1 algorithms: 3des and MD5 Phase2 algorithms: esp-3des and esp-sha-hmac
  • Sophos XGS 2100 no outbound traffic

    Greetings and thanks for reading! I'll have to start by asking for some patience as I'm new to the Sophos firewall platform. I'm going to provide a lot of detail to make sure I don't miss something important. I work for a small university and am trying…
  • Two XG 19.5 IPSEC S2S connected, DNAT from WAN head office to a remote server in branch office.

    I have this situation: HEAD OFFICE: IP: 192.168.75.0/24 BRANCH OFFICE IP: 192.168.82.0/24 Host: 192.168.82.64 I established a S2S between the two firewalls but I need to publish from the WAN head office a service on a remote host in branch…
  • Ipsec traffic go through ssl tunnel inspect of ipsec tunnel

    Hi everyone. I have created ipsec route base vpn but when everything done, the traffic is going through wrong tunnel interface. The precedence route is static > sd wan route > vpn route. Ipsec status is up. And I have added route to the remote…
  • Strange Traceroute behavior between sites

    Hi there. I have 3 sites, each connected to our datacenter. Location 2 has a Tunnel interface connection, Location 1 and 3 have a Site-to-site connection. Like this: Location1 ====sitetositetunnel===== Datacenter=====tunnel=====Location2 Location1…
  • IPSEC Tunnel Mode does not reconnect automatic

    Hello guys, I'm facing a bit problem with IPSEC VPN in Tunnel mode. When the WAN link goes down in BO or HO the IPSEC tunnel does not reconnect automatically. I need force reconnect manually (clicking in red circle). I'm using the default "Head office…
  • Rule/Route Configuration to allow ICMP probes over VPN Tunnels

    I have a scenario I could not find an answer for. I have a health probe that comes in over my established VPN tunnel interface xfr1. These can be typical ICMP Requests that source from various IPs, or they can be constructed packets where there is an…
  • S2S IPSEC - Policy based and Routing based

    Hi All, We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
  • VPN Failback Issues with Backup ISP

    I have a site to site VPN between a Sophos XGS 116 and Cisco ASA 5516-X firewall. I have the two WANs configured (active/backup), and a VPN failover group created. When the main ISP goes down, the backup ISP takes over and the VPN continues to work as…
  • AWS VPN + BGP, up and down.

    Hi there Have setup a VPN to AWS from a XG on v 19.5 firmware I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN. The BGP and VPN comes up - however once up the WAN interface…
  • GRE Tunnel as SD-WAN Gateway

    Hi I have configured a GRE tunnel between two Sophos Firewalls and it works fine and I am able to ping both GRE tunnel IPs from other side. I am trying to add GRE tunnel IP address of other side as SD-WAN Gateway so I could route traffic by SDWAN rules…
  • SDWAN - IPSec Tunnel Mode does no access XG GUI

    Hi Folks, We are facing a strange behavior when using IPSEC Tunnel Mode and SDWAN routing. When using IPSEC Tunnel Mode the access between Hosts (behind XG Firewall) from BO and HO it works as expected, but when I try access XG GUI from HO side via…
  • AD SSO Authentication and site-to-site VPN connection

    Hello all, We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…
  • Two S2S VPN to same remote networks

    Hello, we have a Sophos FW, which has already a S2S Tunnel to a Site A with network 192.168.0.0/24 Is it possible to create another S2S VPN to a Site B with three hosts only, but they belong to the same network: 192.168.0.7, 192.168.0.9, 192.168.0…
  • Some WAN destinations not reachable through IPsec site-to-site

    Hello together, I am struggling with a strange problem. In my setup, an XG is supposed to send all internet traffic from a branch office through the central office. For this I have set up an IPsec site-to-site connection. For most of the internet traffic…
  • S2S IPSEC Load balancing

    A customer of ours is using a Sophos Firewall to create IPSEC VPN tunnels to a remote 3rd party Data Center which has Fortinet installation i.e. the connections here are between Sophos and Fortinet. They have setup 3 IPSEC VPN connections between these…
  • IPsec site-to-site connection, two initiators

    Hello Community, the setup guides and the IPsec settings for our XGS3100 Firewall confuse me. I want to setup a IPsec Site-to-Site tunnel to connect to our Site in another city. Both sites have new XGS3100 Firewalls running SFOS 19.5.1. The configuration…