Hello Community, here's the situation: Head Office (HO) : two WAN uplink connections, both have static IPs. One connection is 'cost based' and slower (backup WAN) and the other is quicker and has no traffic costs (primary WAN). Weights have been configured…

Dear Community Members, I am immensely grateful for being part of this wonderful community. Could someone kindly provide guidance on how to upgrade SophosConnect_2.2.90.msi to SophosConnect_2.3.0.msi using Group Policy (GPO)? Alternatively, if there is…

Buenas tardes, Me pueden ayudar por favor con algún comando o instrucción para forzar la desinstalación de la VPN "SSL VPN Sophos (Semáforo)" de forma desatendida (Remota) en 150 equipos para luego actualizar e instalar a Sophos Connect, Muchas gracias…

I have a Sophos that has a publicly accessible IP address which I will call 47.x.x.x, and this same IP is also publicly reachable via DNS name which I will call myhost.com. I have IPsec set up and working on my Sophos v20 firewall. I have Sophos Client…

Hi, as we can read in multiple threads, Sophos does not think multi-user devices are important. Sophos Connect with multiple users on the same PC - Discussions - Sophos Firewall - Sophos Community Sophos Connect client multi-user environment: usage…

We have a community post 5 years ago regarding Captive portal on branch site with RED on standard/split setup. The answer was that is not possible because, in Standard/Split implementation, the internet traffic is routed directly from the RED to the…

Hello! I know that a few years ago there was a feature request on the currently retired Sophos's ideas portal, regarding remote access SSL VPN with certificate only based authentication, for Sophos XGS firewalls. Does anybody know if it's possible right…

Hello everyone, I searched the forum if there is a way to limit SSL VPN access to a specific Public Ip Address but it seems to me that You cannot do it. I see that when You create a Group or a User there is a section called "Limit access" that lets…

Hi, what is the status of this development, when is it coming? has sophos not yet understood how important this is for customers? the workaround that you send to people here in the forum does not always work properly either. we need a solutions, now…

With Sophos Connect Admin I can modify Target host definition for IPSec remote access connection. With XG I can do same already on XG for SSL VPN (Override hostname). However, I cannot override hostname for IPSec remote access configuration via Web-console…

Hello Everyone I will explain the issue we came up with. In our company users use their company laptops to connect to the company through SSL VPN and then use remote desktop to connect to their computers. Some of the users they find it more comfortable…

Currently when you export the SCX file (or use a provisioning/pro file to automatically update the VPN configuration in the Sophos Connect client) the file's "gateway" parameter has the WAN IP of the Sophos XG firewall. Our firewall is currently behind…

SSL VPN is used as full tunnel and the requirement is when the VPN is connected with firewall just the local application/network should be accessible. Checked the configuration and it was proper NO VPN to WAN rule was present hence the WAN traffic…

When will IKEv2 for Remote Access VPN be available?

Hello, Is there a way to import two connections to the same Sophos in the Sophos VPN Client? The normal VPN User are Domain Users. I have also set up a local user on Sophos in case of an emergency - a failure of the domain server. I would like to…

Good day together I normally look after Zyxel firewalls, but I was now allowed to take over a Sophos customer from a former colleague. I would like to switch this customer from IKEv1 to IKEv2, but I don't want to make a hard switch. So that the customer…

We have autoconnect enabled for users, and used to have MFA (Sophos) enabled. We had to disable MFA as it was causing grief for remote users with flakey Internet (and no other ISP options available). Internet connections would go down for a few seconds…

Hi all, we would like to monitor the currently connected number of ssl vpn users with PRTG. Unfortunately there seems to be no snmp oid for this - see SNMP - Number of VPN Users? Any other ways to access this value? Sophos API, SSH? Any plans to create…

Why can't you view your site-to-site settings when you have a failover group active. Whenever I'm working with a SOPHOS engineer on an issue, the first thing they want to do is view the VPN settings, but they can't without taking the VPN tunnel offline…

hi all, we encountered some limitation with sophos fw, under SFOS 19.5 with IPSEC configuration. There is no possibility to set null encryption under ipsec phase 2 part. Is there a way to bypass this limitation ?

Hello @all, if you have 80 networks, do you really have to add all 80 networks by hand (same to new networks)? No way to allow access to ANY?

Hi, Is there an option to enforce local users created on Sophos XG2100 firewall to change passwords when they first login with their provided username and password on IPsec Remote access VPN Connection. Password change option is available in User…

Hi, we have a head office with an XGS 136 and a satellite office with an SD-RED 60 on Starlink. The Starlink isn't that great so I need to be able to add a 2nd WAN link. This link uses PPPoE to authenticate. How can I configure the 2nd WAN on the RED…

Hello, Any way to monitor VPN Ipsec status ? API , SNMP ? this , should be a basic option... im not able to find anythings in sophos mib and the API... Did someone make it ? get vpn status like up or down ? :p Best Regards,

Hi Sophos, Recently, during an implementation of SD-RED 60, I was faced with an impossibility to configure a VLAN connection on the SD-RED uplink interface. Here in Portugal, ISP's provide internet connections configured with VLAN. Here an example…