Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • No Access to new VPN Portal

    Hi everyone, I have updated my XG to the new SFOS 20 and set everything up according to the knowledgebase article. When I now go to my URL "https://firewall.my_Domain.de", I get a "forbidden". I also have a WAF rule that points to my bookstack. As…
  • Appliance Certificate - RED fail PCI Scan

    Last year or so ago we had a case regarding this issue. Once again a vendor conducted a friendly PCI scan on our public interfaces and sent us a notice of non-compliance. The robot scanner is seeing the self-signed appliance certificate on PORT 3400…
  • Checking the connection over a long period of time

    Hello, we have two firewalls of the XGS segment connected over a RED tunnel. On one end we have a hardware terminal that is used to take the working times of our employee. Now we have the situation that every few days the terminals lose connections…
  • RED VPN specs

    Hello, A customer is asking me for RED VPN specs: What protocol is used? VPN/IPSEC? SSL? If IPSEC, which IPSEC protocol is used? AH? ESP? Which mode? Transport? Tunnel? Which EAP authentication protocol? Is it mutual client/server authentication…
  • Azure SAML auth for Connect SSL VPN

    Hi, what is the status of this development, when is it coming? Has Sophos not yet understood how important this is for customers? The workaround that you send to people here in the forum does not always work properly either. We need a solution, now…
  • SNAT over ipsec not working XGS2100

    I am referring to this post with a similar issue: DNS request to DNS over Site2Site VPN. I have below setup: XG310 -- branch office, XG430 -HA -- Head office. Now I got XGS2100 - 2nd branch office ( Gateway local ip: 172.16.1.100 ) XGS2100 …
  • Azure Pfsense 23.09.1 site to site ipsec to on-prem Sophos SFVH (SFOS 20.0.0 GA-Build222)

    For a few days now I have been attempting to get an ipsec site to site between these two firewalls and even have the pro customer support pfsense involved. All their suggestions have been unsuccessful in getting the two to talk to each other. All guides…
  • Limit NON MFA ssl vpn access to specific public ip

    Hello everyone, I searched the forum if there is a way to limit SSL VPN access to a specific Public Ip Address but it seems to me that You cannot do it. I see that when You create a Group or a User there is a section called "Limit access" that lets…
  • VLAN in a IPsec Tunnel randomly stop communicating.

    Hello I recently upgraded my Sophos XG 2300 to SFOS v20 which is in Head Office, where I am running site to site vpn: IPsec tunnels to 6 branch offices and IPsec Profile is set to Head Office, policy based for all IPsec Tunnels on Head Office firewall…
  • Site-to-Site VPN

    Hi, I have a constellation with a site-to-site VPN between a Sophos XGS116 and a Sonicwall TZ400 at a customer's. The connection between the two devices keeps breaking down. On the Sonicwall you can also see that the VPN tunnel has been disconnected,…
  • SSLVPN Split Tunnel DNS Resolution failed

    Hi, when using SSLVPN in split-tunnel mode, DNS resolution to internal resources is not possible. A ping returns "Host not found". When I perform an nslookup, the XGS is contacted and resolves successfully. I've also tried several VPN clients, including…
  • How to modify target Host for IPsec remote access

    With Sophos Connect Admin I can modify Target host definition for IPSec remote access connection. With XG I can do same already on XG for SSL VPN (Override hostname). However, I cannot override hostname for IPSec remote access configuration via Web-console…
  • OPEN VPN stuck on Resolve : Cannot resolve host address : 8443 : tcp-client

    Good day, I am trying to use SSL VPN on Android devices, and OpenVPN is showing the below error. OPEN VPN stuck on Resolve : Cannot resolve host address : 8443 : tcp-client (servername not supported for ai_socket). The VPN is working fine on sophos…
  • Change AD Domain name for IPSec

    Hi. Our staff currently VPN using the Sophos Connect client over IPSec with AD authentication. We are having a rebrand so will be changing our external domain name. But we will be keeping our old one. How do I configure AD and Sophos to use the…
  • Can’t route self-generated packets

    Hello, I work on 2 Sophos XG on 2 different sites. They communicate with each other using a Site-to-Site IPSec VPN. Site A : Sophos-XGS 33100 (SFOS 19.5.3) Site B : Sophos-XG 330 (SFOS 19.5.3) 3 subnets of Sophos A are configured to be able…
  • SSL VPN HOSTNAME ADD

    Hi, we are using SSL VPN and I have added the public IP address in override hostname for VPN access. In case of an ISP failure, I need to change or change in .OVA file. Now we need to add a hostname instead of the IP address
  • SSL VPN client for Mac

    I am a Mac user, until today I used Sophos Connect for Mac version 1.4 (ipsec VPN) I realized that there was a CVE on the Mac version of the application, but not on the Windows version, which has since been updated. So I'm at a dead end. My only option…
  • SSL VPN : MAC Address and User Active Duration

    Hi, Currently we are using Firewall XG310 and SFOS v20 . My question is : 1. How to bind vpn user mac-address without asking their mac-address manually? Could sophos FW detect it automatically ? 2. Could we set vpn user state duration ? Example…
  • Display problem with the Sophos Connect VPN

    Hello, I have a display problem with the Sophos Connect VPN tool, please find below a screenshot
  • On Sophos Firewall, if I update and regenerate the default CA, what are the implications?

    On Sophos Firewall, if I update and regenerate the default CA, what are the implications? I have a firewall that is set up, the default CA hasn't been customised so far. I need to set up a S2S IPsec VPN with certificates and wanted to customise this before…
  • Outgoing openvpn connection through SophosXG: Constant disconnects and Transport error in ovpn log

    Hello, I have yet again a strange error. We have some clients in our network that use openvpn connections with Openvpn client is v3.4.4.3. They can connect successfully and have mostly 1-2 Disconnects, but now constantly disconnects to the target. I…
  • Sophos Connect Multiple Gateway order not working

    Hi, I created a .pro file using the link https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConProvisioningFile/index.html#templates but it does not switch over…
  • Firewall Policy with Limited Access not Working

    Hi, I have two WAN Links. Firewall rules and sd-wan routes are created. If I add a new firewall policy to allow internet for a server that is not included in the default policy, it does not work. I created a new nat policy and sd-wan rule, but it did…
  • Sophos Firewall Route traffic through GRE Tunnel

    Hello, I am really struggling with this and would greatly appreciate any help that could be given. I have set up an X4B.net GRE tunnel using this guide: https://support.sophos.com/support/s/article/KB-000035813?language=en_US#GRE_route . This seems to…
  • Unable to connect Digibox/Bintec Router to Sophos XG via IPsec

    Hello, I'm unable to connect a Telekom Digibox (branded Bintec Router) to a Sophos XG via IPsec VPN. charon.log of the Sophos Firewall: 2024-02-16 12:26:17Z 28[NET] <9> received packet: from <branch ip>[500] to <head ip>[500] (512 bytes) 2024-02…