
  • GRE TUNNEL GETTING PRECEDENCE OVER OSPF

    Hello, I'm currently managing an XGS Sophos firewall at our headquarters, and we have a dual ISP setup connecting to branch offices. Our primary ISP uses **OSPF**, while the secondary ISP relies on a **GRE tunnel**. The challenge arises when I add a…
  • REMOTE ACCESS VPN

    Hello, good morning, my vpn connect is something strange, apparently when I connect it to my laptop and connect to another network the vpn grabs me, but the users who install the vpn connect, I enter their credentials, it looks like the image, they are…
  • Connecting to VPN ignores all local DNS setup

    I have some services running on a local server behind a reverse proxy and those services are protected from access outside IP subnets not specified in the reverse proxy settings. In my local router, I have the addresses for all these services listed…
  • VPN on Android, can access LAN by IP but not Name

    On my phone connected via OVPN I can access local network resources by IP but name resolution won't work. VPN: SSL VPN (remote access) I have Policy Members setup Use as default gateway is on Permitted network sources IPv4 is set to my local LAN VPN…
  • How to find out IP addresses of incoming IPsec VPNs at Sophos XGS firewall

    We have a Sophos XGS with several IPsec VPNs site to site running. The Sophos XGS is responding to some VPNs that are without fixed public IPv4 addresses. One VPN incoming has no fixed static IP address, but I need to enter that IP address at XGS to…
  • VPN SITE TO SITE

    HELLO GOOD AFTERNOON DO YOU KNOW WHY THE VPN CANNOT CONNECT AND I AM CHECKING THE RULE BUT THERE IS TRAFFIC AND THIS IS THE RULE
  • Passing IPsec networks through SSL VPN

    Dear, I have a site-to-site VPN between a Sophos XGS87 and a fortigate. I need SSL VPN users on my Sophos to have access to remote networks from this fortigate. Local networks on the Sophos XGS87 side: 10.40.85.0/24 10.50.85.0/24 Sophos SSL VPN…
  • Sophos Connect - SSL VPN not working

    We are having an Issue with the VPN Connection of a single Client. Users are authenticated via AD, the Sophos Connect Client and Config file was downloaded from the Sophos VPN Portal. When starting the VPN Connection it loads forever until it eventually…
  • Captive portal on branch site with RED on standard/split setup - update

    We have a community post 5 years ago regarding Captive portal on branch site with RED on standard/split setup. The answer was that is not possible because, in Standard/Split implementation, the internet traffic is routed directly from the RED to the…
  • Sophos XGS Site-To-Site SSL VPN will not auto connect after reboot

    Hi, We have a Sophos XGS 107 (Client) connecting to another unit XGS 2100 (Server) via Site-To-Site SSL VPN. We noticed the Site-to-Site SSL VPN will not auto connect after the Client unit gets restarted. When it happened, we manually on/off the SSL…
  • VPN IPsec site to site between Sophos and Seqrite UTM

    I have created VPN IP Sec between Sophos xg136 and Seqrite Terminator UTM. After some time the VPN auto disconnected and sent the below log error, and I manually have to connect. Couldn't parse IKE message from 47.X.X.X[38049]. Check the debug logs. Traffic…
  • SSL VPN access conditional access (etc like Checkpoint VPN)

    Hi everyone, been curious lately, is it possible to have something like Checkpoint conditional access (like is Windows up to date, is Defender/antivirus activated and so on) before allowing to the VPN gateway. And I'm not talking about ZTNA since that…
  • Sophos VPN Client - disable autoconnect when in local network

    Hi all, I'm struggling with setting up Sophos VPN Client on users' Windows computers. The behaviour I expect is to automatically connect when the user connects to any network except the internal LAN/WIFI. So if a user is turning on the laptop at home and…
  • Sophos Connect: MFA box parameter in .ovpn files?

    Is there any way to activate the MFA box at login in Sophos Connect directly in a .ovpn config (no provisioning)? I guess with provisioning the firewall will also only create a .ovpn config with a parameter for MFA. client dev tun proto udp verify-x509…
  • Remote access SSL VPN with certificate only based authentication

    Hello! I know that a few years ago there was a feature request on the currently retired Sophos's ideas portal, regarding remote access SSL VPN with certificate only based authentication, for Sophos XGS firewalls. Does anybody know if it's possible right…
  • help to configure IPSec VPN sophos xgs136

    Hello everyone, I need help setting up an IPsec VPN. My provider gave me these parameters: Remote Gateway: <public address A> Subnet: <range of public addresses B> Phase1 and Phase2 parameters that I know have to match Firewall XGS136 I…
  • Sophos Connect - Problems with activated IPv6 on Client

    Hello, we're using a Sophos XG 135 in Cluster as VPN-Endpoint. On the client side, we're using Sophos Connect with a provisioning file. If a client gets an IPv6 lease (on the WiFi adapter in Windows, for example), users can't connect with Sophos Connect…
  • Site-to-Site VPN Problem Invalid SPI

    Hi, We are using Sophos Firewall XG310, SFOS v20. It's been 4 months since we established the Site-to-Site VPN, and today suddenly our connection is down with many "Received IKE message with invalid SPI (D3EED417) from the remote gateway" log messages…
  • Very slow web admin access from RED network

    Hello everyone, I have a central xgs 2100 firewall with 5 RED devices connected. When I am in one of the networks managed by a RED and I have to access the firewall's web admin, the connection to the web admin is excessively slow and impossible to use…
  • No Access to new VPN Portal

    Hi everyone, I have updated my XG to the new SFOS 20 and set everything up according to the knowledgebase article. When I now go to my URL "https://firewall.my_Domain.de", I get a "forbidden". I also have a WAF rule that points to my bookstack. As…
  • Appliance Certificate - RED fail PCI Scan

    A year or so ago we had a case regarding this issue. Once again a vendor conducted a friendly PCI scan on our public interfaces and sent us a notice of non-compliance. The robot scanner is seeing the self-signed appliance certificate on PORT 3400…
  • Checking the connection over a long period of time

    Hello, we have two firewalls of the XGS segment connected over a RED tunnel. On one end we have a hardware terminal that is used to take the working times of our employees. Now we have the situation that every few days the terminals lose connections…
  • RED VPN specs

    Hello, A customer is asking me for RED VPN specs: What protocol is used? VPN/IPSEC? SSL? If IPSEC, which IPSEC protocol is used? AH? ESP? Which mode? Transport? Tunnel? Which EAP authentication protocol? Is it mutual client/server authentication…
  • Azure SAML auth for Connect SSL VPN

    Hi, what is the status of this development, when is it coming? Has Sophos not yet understood how important this is for customers? The workaround that you send to people here in the forum does not always work properly either. We need a solution, now…
  • SNAT over ipsec not working XGS2100

    I am referring this post with similar issue DNS request to DNS over Site2Site VPN I have below setup XG310 -- branch office XG430 -HA -- Head office Now I got XGS2100 - 2nd branch office ( Gateway local ip: 172.16.1.100 ) XGS2100 …