Hello guys,
Im facing a bit problem with IPSEC VPN in Tunnel mode. When the WAN link goes down in BO or HO the IPSEC tunnel does not reconnect automatically. I need force reconnect manually (clicking in red circle).
Im using the default "Head office…
I have a scenario I could not find an answer for. I have a health probe that comes in over my established VPN tunnel interface xfr1. These can be typical ICMP Requests that source from various IPs, or they can be constructed packets where there is an…
Hi All,
We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
I have a site to site VPN between a Sophos XGS 116 and Cisco ASA 5516-X firewall. I have the two WANs configured (active/backup), and a VPN failover group created. When the main ISP goes down, the backup ISP takes over and the VPN continues to work as…
Hi there
Have setup a VPN to AWS from a XG on v 19.5 firmware
I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN.
The BGP and VPN comes up - however once up the WAN interface…
Hi
I have configured a GRE tunnel between two Sophos Firewalls and it works fine and I am able to ping both GRE tunnel IPs from other side. I am trying to add GRE tunnel IP address of other side as SD-WAN Gateway so I could route traffic by SDWAN rules…
Hi Folks,
We are facing a strange behavior when using IPSEC Tunnel Mode and SDWAN routing.
When using IPSEC Tunnel Mode thw access between Hosts (behind XG Firewall) from BO and HO it works as expected, but when I try access XG GUI from HO side via…
Hello all,
We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…
Hello,
we have a Sophos FW, which has already a S2S Tunnel to a Site A with network 192.168.0.0/24
Is it possible to create another S2S VPN to a Site B with three hosts only, but they belong to the same network: 192.168.0.7, 192.168.0.9, 192.168.0…
Hello together, I am struggling with a strange problem. In my setup, an XG is supposed to send all internet traffic from a branch office through the central office. For this I have set up an IPsec site-to-site connection. For most of the internet traffic…
A customer of ours is using a Sophos Firewall to create IPSEC VPN tunnels to a remote 3rd party Data Center which has Fortinet installation i.e. the connections here are between Sophos and Fortinet. They have setup 3 IPSEC VPN connections between these…
Hello Community,
the setup guides and the IPsec settings for our XGS3100 Firewall confuse me.
I want to setup a IPsec Site-to-Site tunnel to connect to our Site in another city. Both sites have new XGS3100 Firewalls running SFOS 19.5.1.
The configuration…
Hi guys and girls,
I'd like to configure 2 IPsec VPN tunnels to Azure over 2 WAN links so that if a WAN link fails, it automatically fails over to the second IPsec tunnel. On the Azure side it would be configured to use BGP so that the routes are advertised…
After extensive tracing of the traffic, what happens is that XG receives the packet, but it does not encapsulate it to send over the xfrm interface.
this is from the server side:
this is from the client side:
where you can see that IP packet…
I have configured Site to Site Vpn in Sophos and Microtik Firewall, But issue is i have not getting ping for the Sophos side but i am able to ping for Microtik side. its means i have ping for only one side not both. can are you suggest some tips for resolve…
We have an ipsec tunnel local subnet: 10.2.226.0/24 remote subnet: 10.227.0.0/16
the local_subnet was the NATted subnet of others subnets.
When the tunnel is up, no traffic to 10.227.0.0/16 In the strongswan.log, we can view the firewall don't want…
Dear All Sophos Expert Team,
How are you? Hope you are doing well,
A few days ago, I configured an IPSec tunnel between my Sophos XG firewall and my Mikrotik server located at a remote location. After configuring the IPSec tunnel, all of my network…
Can anyone help me get my site to site up between a XGS116 and a Cisco ASA5506.
I am pretty sure its an issue with phase 2 as I can see the vpn on the cisco asdm vpn monitoring but it looks like its showing phase 1 but not phase 2. Also the sophos logs…
I have two branch offices running XGS107's and a head office running XG210. I also have another ipsec vpn to a sister agency that works fine. About 24 hours after I bring up the second branch office, the first one is dropped, says authentication failure…
VPN is working fine IP-wise. I can ping all the servers do RDP, the whole shebang. However when I try to ping *.mydomain.local from the HO VPN network I get the message that it couldn't be resolved. I configured DNS-requests routes in both appliances…
I am working with a customer where we have IPSEC VPN created between Sophos and Fortinet. The network allowed from the Fortinet side and configured as "Remote Subnet" in the IPSEC VPN is 10.10.0.0/16. We also have some URL's configured and the DNS Host…
Hello guys,
I have IPsec Tunnel Site-to-Site with this lans:
192.168.22.0/24
192.168.26.0/24
On the lan 26.0 i need to reach 1 machine and that machine got the ip 192.168.22.140. On diagnostic of firewall i can ping that machine but on CMD…
This is likely a unique situation, but I'm curious if anyone else has seen a similar configuration.
I have an IPSEC site to site VPN tunnel configured between two locations. At Site "A", all resources are on the same network and are configured to use…
Is it possible to create a NAT policy so that it uses the IP address of port #1 (LAN Zone) of the remote device as the MASQ address?
We have a client with around 28 remote offices. They are all connected by IPSEC site-to-site but only office LANs are…
Hi to all Sophos Community,
I was wondering if you had any idea on this problem.
First time using Sophos firewalls, mostly working on them via Sophos Central Web Admin.
So I enabled IPSec VPNs, it does work with local created users.
Company asked…