We are trying to setup a IPSEC tunnel between a Sophos Firewall and a ISR4300 After activating its showing error Couldn't authenticate the local gateway. Check the authentication settings on both devices.

Hi all, AP configuration works. I am able to remove & add the AP's. AP's are recognized and shown as active. I can see the traffic between AP & XGS Port 2712. Traffic to port 8472 from firewall to AP is not answered, but i see packets from AP to APIPA…

Hi all, when we try to add or change a configuration on the IPsec settings page on our XG/XGS Firewalls we always have to wait for about 2 minutes for the site to load and for it to be usable. The web browser shows the message "This page is slowing…

After update to my xg firewall to v20 ipsec is become unstable. Randomly disconnection. openvpn client work without issue only ipsec have problem Some info: this setup worked for 2 year without a problem (another bug on v19 but fixed). Sophos firewall…

Hello Sophos Community, Is there any documentation or procedure to troubleshoot end user disconnection from our remote access IPsec VPN? I have been looking on how to look at the firewall logs but I couldn't finds anything usefull.

Hello @all, it is known that with IKEv1 on SFOS a new PSK overwrites all others PSKs if the gateways do not differ in the connections. Sadly I can not use IKEv2. Is it sufficient if just the local ID is different in connections and the remote ID is ANY…

Good morning. I have several XG/XGS of different clients configured with IPSEC against the same central, this central uses a CISCO firewall (we do not manage it). The problem we have is that every 30 minutes we receive an email from all the XG/XGS indicating…

Hi, What is the proper way to connect a branch having multiple internet gateways but the head office has only one gateway? The branch office WAN1 interface has a Real IP but WAN2 uses DDNS with a dynamic IP. Should the branch office have a failover…

Hi, One of my IPsec tunnels shows a yellow icon under the status but when I click on the connection details, all subnet connections show green. Any Suggestions?

Hi, We've run a flat lan for years at our main location. We've recently updated our network and added a few new VLANS to the mix. Now I have a problem. We have several Site-to-Site VPNs up and running that work great with our original VLAN1. However…

Hi, I have a Sophos XGS107 (SFOS 20.0.1 MR-1-Build342) setup with Site to Site vpn to a Mikrotik router. There is 4 vpn tunnels (or separate address pairs), It mostly works fine, but every other day one tunnel goes down. If I check in webgui >> site…

Hi all, we currently have 20 sites all using Sophos XG107 or XG 117 FW. all sites have a S2S VPN connection into AWS for SMB access. issue we have is failover internet, if failover is required then our VPN drops due to new IP. Failover internet is…

Hi, Are there any specific IPSec Profile recommendations for connecting the branch office that does not have a static real IP Address? I am currently using the DefaultBranchOffice profile, but it disconnects automatically after some time. Thanks.

Hello all, I have a situation with a IPsec VPN setup between two sites that have subnets that are the same. I followed these instructions and it worked ok; NAT with route-based IPsec when local and remote subnets are the same - Sophos Firewall However…

Hello, with the patch from Microsoft KB5040434 07/2024 there are problems with Radius authentication for L2TP. Without the patch, the client connection works without any problems. What can we do? Best Regards Dieter

Hello all, we are looking at a situation where we need to set up a site to site VPN to a vendor who is using a Fortigate gateway, and the same subnet is being used at both ends. I have reviewed the below link which covers this situation for Sophos to…

Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…

Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…

Hello, Im trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…

Hello, we have set up several Policy Based IPSEc tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As…

I have something strange for the following situation. VPN connection between site A and site B (tried both policy-based and route-based) and a policy-based VPN-connection between site B and site C. Intention is to reach site C from site A while there…

We have currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…

Hello, I want to setup a S2S IPsec VPN between our Head office and Branch Office. The branch office has only IPv6. I have setup on btoh side the S2S VPN, but i cant get it to connect. And i even dont see any connection trys in the logs. For all other…

I don't know if this is the right configuration so bear with me. I have a connection that essentially functions as a direct ethernet line back to the main office, called an EPLAN. It is set up in my Branch Office in the LAN zone. Everything works OK…

Hi there, After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1. It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (ipv6). With SSL…