  • On prem Sophos xg IOS 17.X IPSec tunnel to Azure on BGP

    How do I configure on-prem Sophos XG 17.X an IPSec tunnel to Azure running on BGP
  • IPsec - Site to Site Problem - Green but no traffic

    Hello, I have a Sophos XGS 2100 in the HQ and in the other locations XGS116/126. So on some of the XGS 126 I have a problem with the Site to Site VPN. In the Web-GUI the firewall shows all connections green, on both of the FWs. But I can not…
  • ikev1 or IKEv2 IPSec site to site connection

    Hi all, I'm in an HO with about ten BO. Site to site IPsec connections are all based on IPsec policies with IKEv1. I think IKEv2 is more secure. Do I have to migrate for security reasons to the IKEv2 version? If so, is it just changing the version…
  • Site to site VPN authentication failure

    I am having problems recently with site-to-site vpns between my central XG firewall and two remote SG firewalls. Recently one of the vpns would no longer connect and appears to be an authentication error but I can't figure out what is wrong…
  • Configure vpn ipsec site to site HQ-BO : 01 xg with modem (router mode) and second xg with modem (Bridge mode)

    Hi all, I have this topology (look at picture please), and I need to configure VPN IPsec site to site between HQ and BO. HQ XG is connected to ADSL (bridge mode), but BO XG is connected to Fiber ONT (router mode). The two sites already have static public…
  • How to forward traffic destined to a local LAN IP to an IP at the other end of an IPSEC tunnel?

    I have a site-to-site VPN tunnel with a NEC SV9100 phone system on each end but the two systems refuse to connect over the tunnel, but CAN connect if on the same local network. I can connect and log into each NEC device from either end of the VPN with…
  • VPN site to site with dynamic public ip

    Hello, sorry for my English, I'm French ^^ I have a site to site VPN between a Zyxel USG FLEX 100 (Site A) and Sophos XGS 107 (Site B), and it works! My problem is: Site B has a dynamic public IP. Each time the IP changes, I connect to change…
  • Sending Remote access traffic through Site-to-site VPN, with 1:n nat translation on XGS

    Hello Sophos community, I am trying to set up a scenario where I have to send IPsec Remote access traffic through a Site-to-Site IPsec VPN with 1:n NAT translation on an XGS Firewall. It seems to work on UTM: Sending Remote access traffic through…
  • IPSec Site-to-Site VPN Local Subnet Becomes Unreachable due to Inactivity

    Hello. We have an IPSec Site to Site VPN tunnel established with Oracle Cloud Infrastructure (OCI). There are two local subnets at SOPHOS XG end (x.x.x.x and y.y.y.y). At OCI end there is only one remote subnet (z.z.z.z). Now our users are at x.x.x.x…
  • syslog over VPN with "tunnel Interface", how ?

    Hi there, We would like to send the local syslog traffic through a VPN tunnel (with tunnel interface). There are guidelines for site-to-site: https://support.sophos.com/support/s/article/KB-000035820?language=en_US but have not found one for VPN with…
  • IP SEC site-to-site terminates and establishes every 2,5 minutes

    Hi, IPSec Client-SA is deleted every 2,5 minutes. Main-IPSec-SA stays active. System: XGS v19.5 2023-01-26 15:58:42Z 20[NET] <STATION010-1|4> received packet: from 109.40.222.222[41135] to 111.222.333.444[4500] (1236 bytes) 2023-01-26 15…
  • Can't get IPsec Site-to-Site Tunnel with NAT to work

    Hello everyone, I can't get an IPsec NAT Site-to-Site tunnel to work. I get "IKE message (9C0134C0) retransmission to VPN.GATEWAY.ADRESSE.HERE timed out. Check if the remote gateway is reachable." (I can ping it.) We have the following: I try to establish…
  • Issues with VPN Site to Site from Sophos Firewall to Cisco ASA

    Hello, Perform a Site to Site VPN configuration Sophos FW to Cisco ASA, when I select the KEY Exchange in IKE1 the VPN connects correctly, the problem is when I select IKE2 since the connection is not made. Could you please help me solve this problem…
  • Rock Solid Site2Site crashed after upgrading from 18.5.3 to 19.5 GA on Both Sides

    Hi, I had a S2S VPN between a XGS2100 (18.5.3) and XG125 (19.0.1) After upgrading both Sites for 19.5 GA the VPN connection crashes 2-3 times a week. The VPN is up and connected, but no traffic is routed from S2S, only a manual disconnect and reconnect…
  • XGS2100 + SG115 Site-to-Site IPSec VPN

    Hello, I have a problem with an upgrade on the XGS2100. At this moment I have SFOS 18.5.3 MR-3-Build408 running on the XGS2100, and 9.713-19 on the SG115. When I upgrade the XGS2100 to SFOS 19.0.1 MR-1-Build365 the Site-to-Site IPSec VPN doesn't let any…
  • Sophos xgs on prem Firewall Ipsec tunnel to Azure sophos xg firewall

    Hi all. As per the subject, we are busy testing to see if we can establish a site to site VPN tunnel between our on-prem Sophos firewall and a newly created virtual Sophos XG firewall in Azure, but we can't seem to get the tunnel to come up. So firstly…
  • Remote Access Network via VPN and NAT

    Hello, we have a Sophos XG115 Firewall and we need to connect to another company who hosts our (future) software. This company gave us the VPN specification we need (and we cannot change anything on this data) to connect to their Cisco router. However…
  • Route internet traffic across IPSEC

    I have the following setup with an IPSEC tunnel between the two Sophos XG firewalls. Internet traffic from 192.168.1.1 goes out through Internet 1 I want to say that for traffic with a destination of 8.8.8.8, go across the IPSEC tunnel and out through…
  • IPSec VPN to Draytek do not reconnect randomly

    Hi, I have XGS-126 as IPSec VPN client, calling Draytek router as VPN server. I also tried to reverse sides, but the problem remains the same. From time to time, very randomly, it might be once every 2-3 weeks, or even as frequently as 4 times…
  • Site2Site Tunnel with Opnsense causes NO_PROPOSAL_CHOOSEN

    Hi all, Sophos XG 330 with up to date FW I am trying to build a site2site tunnel with an opnsense. All setup seems OK but: XG330_WP02_SFOS 18.5.5 MR-5-Build509# tail -f ipsec_conn/ipsec_Test.log [ENC] generating AGGRESSIVE request 0 [ SA KE No ID…
  • VPN as next hop-Static Routing

    Hi, How do I choose a VPN tunnel as a next hop in Static routing? The VPNs don't show up in the interface list here- I have multiple VPNs terminating on the same external IP/interface, and I want traffic from one VPN to route to another VPN…
  • S2S VPN Configuration

    Hi, I want to route traffic through 2 firewalls, via S2SVPN connections, one of the VPNs, R1 to R2 already exists, but the other, R1 to R2 doesn't, so I need to create it. I am unsure about what Local IP address/subnet to use for router B? Do I create…
  • Site 2 Site VPN open but hosts not reachable

    Hi there, I configured a site to site VPN on an XG 115. On the other side we have a Zyxel Firewall. The VPN seems to work, VPN green and connection green. But hosts are not reachable on the remote side. I think it is a Firewall rule missing on the…
  • No access with only ping and smb - vpn ipsec site to site

    Hi all, today I have a weird problem! I have a VPN IPsec connection between HQ and BO. There are few protocols allowed between the two LANs, but all access is initiated from HQ, like RDP, ping or access to the shared folder (SMB). So everything working…
  • VPN failover to Azure

    Hi, community. I have an issue with my failover VPN to Azure. I have an XG210 v19, connected to 2 ISPs. I have a VPN connection to Azure cloud for SAP services. As recommended for Sophos, I created the VPN as tunnel interface, with xfrm interfaces.…