
  • Site-to-Site IPSec Not Working As Intended

    Hi. I am currently working with a test environment and have configured two XG firewalls to have an IPSec Policy-based site-to-site connection between them. I cannot get the IPSec connection to forward traffic correctly. I have been trying for hours…
  • Internet traffic not routed from branch office through head office via site-to-site VPN

    Hi, we have a head office XG135 and 4 branch offices connected with site-to-site VPNs and various Sophos firewalls (125, 87, 86). VPNs are working fine. We want to route all internet traffic from the branch offices through the head office internet…
  • XG 210 IPSEC DOWN FAILED PARSING IKE

    Hi, We are losing our IPsec link after some time (randomly). Initial connection is OK, no problem. But in logs we have this message: IPSEC FAILED Couldn't parse IKE message from : X.X.X.X Check the debugs logs ID 18052 If I reinitiate manually…
  • IPSec to Azure - Tunnel interface missing after creation

    Hi all, I have been having an issue with my XG330 firewall. I created a Tunnel Interface to Azure, and see that the IPSec tunnel is not appearing under my network interfaces. I have followed the documentation highlighted here. Sophos Firewall: Configuring…
  • Sophos to Fortigate site to site issue

    Does anyone have experience creating a site-to-site VPN with a Fortigate firewall (as spokes and Sophos as hub), and faced the following issue: At random instances the spoke site went down even though the ISP has a stable connection. And every time one or 2 sites (spoke, we…
  • IPSEC VPN intermittent communication issue

    Setup: Sophos XGS 87 (SFOS 19.5.1 MR-1-Build 278) and Sophos XG210 (SFOS 19.5.1 MR-1-Build278) Connection type: IPSEC VPN Site to Site Issue: The communication between the 2 site networks works well for some time and suddenly the communication breaks…
  • New S2S can't connect

    MO: XGS136/SFOS v19,5,2. Not in production yet, setting up to replace production firewall. BO: XG115/SFOS v19.5.2. In production. MO & BO have had an IPSec S2S running for a long time with the MO production firewall. The MO XGS that will replace…
  • Site 2 Site VPN with multiple remotes having dynamic WAN IP addresses

    Hello, We have an XGS firewall at our HQ location, set up with several Site to Site VPN connections with remote XGS firewalls that have Static WAN IP addresses. I also have one site2site set up with a remote location with a dynamic WAN IP address…
  • Hub and Spoke with Sophos as HO and Fortigate as Branches

    We will migrate our Fortigate to Sophos XG, and one of our requirements is to create an IPsec site to site with Sophos XG 3300 (as HUB or Head office) to small FortiGate in client branches (as Spoke). The problem is, I don't see any KB/Doc about creating…
  • IPSec (Using NAT) add multiple local network

    Hello, We have created the IPSec tunnel (uses NAT) to the application provider DC. The internal network is translated to a NAT IP (provided by the application provider). The tunnel is working. Now, we have to add the SSL VPN remote access network to that IPSec tunnel…
  • VPN Ipsec Site-to-site

    Hi. I have a site-to-site IPsec tunnel with my branch. The tunnel is connected on both sides. I have two rules created, an Inbound and an Outbound rule. The inbound rule works perfectly, all clients on the branch network can connect to my servers, but the…
  • Sophos Firewall Authentication to server in Azure across VPN Tunnel

    I recently worked through a problem where an on premise firewall was unable to authenticate Remote Access VPN users with Active Directory as the server is hosted in Azure through a VPN (Active Directory is used instead of AAD as it's less expensive to…
  • Sophos v19 Site To Site VPN Multiple Wan Routing Problem

    Hello everyone, After migrating to version 19, we wanted to remove the migrated rules and rewrite the whole configuration. However, we ran into some problems with the reconfiguration. We have 2 WAN internet interfaces and do not do load balancing or…
  • IPSec tunnel with Cisco Peer

    Hello guys, what is your suggestion to establish an IPSec tunnel with a Cisco router that is configured: Phase1 algorithms: 3des and MD5 Phase2 algorithms: esp-3des and esp-sha-hmac
  • Sophos XGS 2100 no outbound traffic

    Greetings and thanks for reading! I'll have to start by asking for some patience as I'm new to the Sophos firewall platform. I'm going to provide a lot of detail to make sure I don't miss something important. I work for a small university and am trying…
  • Two XG 19.5 IPSEC S2S connected, DNAT from WAN head office to a remote server in branch office.

    I have this situation: HEAD OFFICE: IP: 192.168.75.0/24 BRANCH OFFICE IP: 192.168.82.0/24 Host: 192.168.82.64 I established a S2S between the two firewalls but I need to publish from the WAN head office a service on a remote host in branch…
  • Ipsec traffic go through ssl tunnel inspect of ipsec tunnel

    Hi everyone. I have created an IPsec route-based VPN, but when everything was done, the traffic is going through the wrong tunnel interface. The route precedence is static > SD-WAN route > VPN route. IPsec status is up, and I have added a route to the remote…
  • Strange Traceroute behavior between sites

    Hi there. I have 3 sites, each connected to our datacenter. Location 2 has a Tunnel interface connection, Location 1 and 3 have a Site-to-site connection. Like this: Location1 ====sitetositetunnel===== Datacenter=====tunnel=====Location2 Location1…
  • IPSEC Tunnel Mode does not reconnect automatic

    Hello guys, I'm facing a bit of a problem with IPSEC VPN in Tunnel mode. When the WAN link goes down in BO or HO, the IPSEC tunnel does not reconnect automatically. I need to force a reconnect manually (clicking on the red circle). I'm using the default "Head office…
  • Rule/Route Configuration to allow ICMP probes over VPN Tunnels

    I have a scenario I could not find an answer for. I have a health probe that comes in over my established VPN tunnel interface xfr1. These can be typical ICMP Requests that source from various IPs, or they can be constructed packets where there is an…
  • S2S IPSEC - Policy based and Routing based

    Hi All, We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
  • VPN Failback Issues with Backup ISP

    I have a site to site VPN between a Sophos XGS 116 and Cisco ASA 5516-X firewall. I have the two WANs configured (active/backup), and a VPN failover group created. When the main ISP goes down, the backup ISP takes over and the VPN continues to work as…
  • AWS VPN + BGP , up and down .

    Hi there. I have set up a VPN to AWS from an XG on v 19.5 firmware. I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN. The BGP and VPN come up - however once up the WAN interface…
  • GRE Tunnel as SD-WAN Gateway

    Hi, I have configured a GRE tunnel between two Sophos Firewalls and it works fine and I am able to ping both GRE tunnel IPs from the other side. I am trying to add the GRE tunnel IP address of the other side as an SD-WAN Gateway so I could route traffic by SD-WAN rules…
  • SDWAN - IPSec Tunnel Mode does no access XG GUI

    Hi Folks, We are facing a strange behavior when using IPSEC Tunnel Mode and SD-WAN routing. When using IPSEC Tunnel Mode, the access between hosts (behind the XG Firewall) from BO and HO works as expected, but when I try to access the XG GUI from the HO side via…