
  • IPSEC Tunnel Mode does not reconnect automatically

    Hello guys, I'm facing a bit of a problem with IPSEC VPN in Tunnel mode. When the WAN link goes down in BO or HO, the IPSEC tunnel does not reconnect automatically. I need to force a reconnect manually (clicking the red circle). I'm using the default "Head office…
  • Rule/Route Configuration to allow ICMP probes over VPN Tunnels

    I have a scenario I could not find an answer for. I have a health probe that comes in over my established VPN tunnel interface xfr1. These can be typical ICMP Requests that source from various IPs, or they can be constructed packets where there is an…
  • S2S IPSEC - Policy based and Routing based

    Hi All, We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
  • VPN Failback Issues with Backup ISP

    I have a site to site VPN between a Sophos XGS 116 and Cisco ASA 5516-X firewall. I have the two WANs configured (active/backup), and a VPN failover group created. When the main ISP goes down, the backup ISP takes over and the VPN continues to work as…
  • AWS VPN + BGP, up and down

    Hi there, Have set up a VPN to AWS from an XG on v 19.5 firmware. I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN. The BGP and VPN come up - however once up the WAN interface…
  • GRE Tunnel as SD-WAN Gateway

    Hi, I have configured a GRE tunnel between two Sophos Firewalls and it works fine and I am able to ping both GRE tunnel IPs from the other side. I am trying to add the GRE tunnel IP address of the other side as SD-WAN Gateway so I could route traffic by SDWAN rules…
  • SDWAN - IPSec Tunnel Mode does not access XG GUI

    Hi Folks, We are facing a strange behavior when using IPSEC Tunnel Mode and SDWAN routing. When using IPSEC Tunnel Mode, the access between Hosts (behind XG Firewall) from BO and HO works as expected, but when I try to access XG GUI from HO side via…
  • AD SSO Authentication and site-to-site VPN connection

    Hello all, We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…
  • Two S2S VPN to same remote networks

    Hello, we have a Sophos FW, which already has a S2S Tunnel to a Site A with network 192.168.0.0/24. Is it possible to create another S2S VPN to a Site B with three hosts only, but they belong to the same network: 192.168.0.7, 192.168.0.9, 192.168.0…
  • Some WAN destinations not reachable through IPsec site-to-site

    Hello together, I am struggling with a strange problem. In my setup, an XG is supposed to send all internet traffic from a branch office through the central office. For this I have set up an IPsec site-to-site connection. For most of the internet traffic…
  • S2S IPSEC Load balancing

    A customer of ours is using a Sophos Firewall to create IPSEC VPN tunnels to a remote 3rd party Data Center which has a Fortinet installation, i.e. the connections here are between Sophos and Fortinet. They have set up 3 IPSEC VPN connections between these…
  • IPsec site-to-site connection, two initiators

    Hello Community, the setup guides and the IPsec settings for our XGS3100 Firewall confuse me. I want to set up an IPsec Site-to-Site tunnel to connect to our Site in another city. Both sites have new XGS3100 Firewalls running SFOS 19.5.1. The configuration…
  • Issues setting up Azure IPsec site-to-site VPN with automatic failover

    Hi guys and girls, I'd like to configure 2 IPsec VPN tunnels to Azure over 2 WAN links so that if a WAN link fails, it automatically fails over to the second IPsec tunnel. On the Azure side it would be configured to use BGP so that the routes are advertised…
  • TCP traffic randomly not tunneled in xfrm - XG 19

    After extensive tracing of the traffic, what happens is that XG receives the packet, but it does not encapsulate it to send over the xfrm interface. This is from the server side: This is from the client side: where you can see that IP packet…
  • Site To Site VPN

    I have configured Site to Site VPN in Sophos and MikroTik Firewall, but the issue is I am not getting ping for the Sophos side but I am able to ping for the MikroTik side. It means I have ping for only one side, not both. Can you suggest some tips for resolve…
  • IPSEC VPN site-to-site - No route to add

    We have an IPsec tunnel, local subnet: 10.2.226.0/24, remote subnet: 10.227.0.0/16. The local_subnet was the NATted subnet of other subnets. When the tunnel is up, no traffic to 10.227.0.0/16. In the strongswan.log, we can view the firewall doesn't want…
  • SOPHOS IPsec Tunnel With MikroTik Router Board

    Dear All Sophos Expert Team, How are you? Hope you are doing well. A few days ago, I configured an IPSec tunnel between my Sophos XG firewall and my MikroTik server located at a remote location. After configuring the IPSec tunnel, all of my network…
  • Sophos XG to Cisco ASA Site to site phase 2 issue

    Can anyone help me get my site to site up between an XGS116 and a Cisco ASA5506? I am pretty sure it's an issue with phase 2 as I can see the VPN on the Cisco ASDM VPN monitoring but it looks like it's showing phase 1 but not phase 2. Also the Sophos logs…
  • XG and XGS branch office VPN failures

    I have two branch offices running XGS107s and a head office running XG210. I also have another IPsec VPN to a sister agency that works fine. About 24 hours after I bring up the second branch office, the first one is dropped, says authentication failure…
  • SSL-Site-to-Site DNS

    VPN is working fine IP-wise. I can ping all the servers, do RDP, the whole shebang. However, when I try to ping *.mydomain.local from the HO VPN network I get the message that it couldn't be resolved. I configured DNS-requests routes in both appliances…
  • Traffic not passed through IPSEC S2S VPN

    I am working with a customer where we have IPSEC VPN created between Sophos and Fortinet. The network allowed from the Fortinet side and configured as "Remote Subnet" in the IPSEC VPN is 10.10.0.0/16. We also have some URLs configured and the DNS Host…
  • Ping between IPSec Tunnel Site-to-Site

    Hello guys, I have IPsec Tunnel Site-to-Site with these LANs: 192.168.22.0/24, 192.168.26.0/24. On the LAN 26.0 I need to reach 1 machine and that machine got the IP 192.168.22.140. On diagnostic of firewall I can ping that machine but on CMD…
  • Accessing resources across S2S VPN with different default gateway than firewall

    This is likely a unique situation, but I'm curious if anyone else has seen a similar configuration. I have an IPSEC site to site VPN tunnel configured between two locations. At Site "A", all resources are on the same network and are configured to use…
  • SOPHOS CENTRAL FIREWALL MANAGEMENT

    Is it possible to create a NAT policy so that it uses the IP address of port #1 (LAN Zone) of the remote device as the MASQ address? We have a client with around 28 remote offices. They are all connected by IPSEC site-to-site but only office LANs are…
  • AD Authentication configured but users not allowed to login

    Hi to all Sophos Community, I was wondering if you had any idea on this problem. First time using Sophos firewalls, mostly working on them via Sophos Central Web Admin. So I enabled IPSec VPNs, it does work with local created users. Company asked…