
  • IPSEC Sophos XG 18.5 (Nat configuration from tunnel)

    Hello, I got an IPSEC VPN from my Sophos XG to a remote firewall. Many subnets from my side are NATed dynamically with 172.30.10.0/24 to reach different subnets on the other side. Like (192.168.1.0/24, 192.168.2.0/24 ... are NATed with 172.30.10.0/24…
  • aws site to site

    I have a site-to-site connection from the office to AWS VPC 1 and another one from the office to AWS VPC 2, using an XG230 firewall in the office. What can be done to create communication between AWS VPC 1 and 2?
  • XG v19.5.2 ipsec VPN routing problems

    I am having difficulty routing across our VPNs. I need for Host1 and Host2 to be able to reach Alert11, Alert12, and Alert13 but currently that isn't happening. I can reach Gateway11, Gateway12 and Gateway13. The network looks like this: NetworkA…
  • Vpn IPsec issue

    We have an issue with IPsec configuration. We created a branch and headquarter VPN but it does not connect; all settings are OK. The main firewall is on a fiber connection. The branch firewall is on a 5G router connection. Reply to chat and email / turky@thearchcapital.com
  • Site-to-Site IPSec Not Working As Intended

    Hi. I am currently working with a test environment and have configured two XG firewalls to have an IPSec Policy-based site-to-site connection between them. I cannot get the IPSec connection to forward traffic correctly. I have been trying for hours…
  • Internet traffic not routed from branch office through head office via site-to-site VPN

    Hi, we have a head office XG135 and 4 branch offices connected with site-to-site VPNs and various Sophos firewalls (125, 87, 86). VPNs are working fine. We want to route all internet traffic from the branch offices through the head office internet…
  • XG 210 IPSEC DOWN FAILED PARSING IKE

    Hi, we are losing our IPsec link after some time (randomly). Initial connection is OK, no problem. But in the logs we have this message: IPSEC FAILED Couldn't parse IKE message from : X.X.X.X Check the debugs logs ID 18052 If I reinitiate manually…
  • Create NAT rule

    Hi all, we have had an XGS 2300 in use for exactly one month and are currently having problems with the NAT rules. I need a nudge or some hints as to where things might be getting stuck. Briefly, about the setup: we have an IPsec tunnel with…
  • IPSec to Azure - Tunnel interface missing after creation

    Hi all, I have been having an issue with my XG330 firewall. I created a Tunnel Interface to Azure, and see that the IPSec tunnel is not appearing under my network interfaces. I have followed the documentation highlighted here. Sophos Firewall: Configuring…
  • Sophos to Fortigate site to site issue

    Does anyone have experience creating a site-to-site VPN with a Fortigate firewall (as spokes and Sophos as hub), and faced the ff issue: At random instances the spoke site went down even though the ISP has a stable connection. And every time one or 2 sites (spoke, we…
  • IPSEC VPN intermittent communication issue

    Setup: Sophos XGS 87 (SFOS 19.5.1 MR-1-Build 278) and Sophos XG210 (SFOS 19.5.1 MR-1-Build278). Connection type: IPSEC VPN Site to Site. Issue: The communication between the 2 site networks works well for some time and suddenly the communication breaks…
  • New S2S can't connect

    MO: XGS136/SFOS v19.5.2. Not in production yet, setting up to replace production firewall. BO: XG115/SFOS v19.5.2. In production. MO & BO have had an IPSec S2S running for a long time with the MO production firewall. The MO XGS that will replace…
  • Webserver Protection for Host behind IP tunnel

    Hello everybody, I'm currently trying to establish the WAF setup for the current configuration: Two sites are connected via IP Tunnel and everything is properly working with the static routes set up. Now we have the need to set up Webserver Protection…
  • Site 2 Site VPN with multiple remotes having dynamic WAN IP addresses

    Hello, We have an XGS firewall at our HQ location, set up with several Site to Site VPN connections with remote XGS firewalls that have Static WAN IP addresses. I also have one site2site set up with a remote location with a dynamic WAN ip address…
  • Hub and Spoke with Sophos as HO and Fortigate as Branches

    We will migrate our Fortigate to Sophos XG, and one of our requirements is to create an IPsec site-to-site with Sophos XG 3300 (as HUB or Head Office) to small FortiGates in client branches (as Spoke). The problem is, I don't see any KB/Doc about creating…
  • Sophos XG Firewall - IPSEC VPN MFA ISSUE with OTP PIN

    Hi, I have XG125 (SFOS 19.5.1 MR-1-Build278) and IPSEC Remote Access for the users with internal OTP MFA. Remote users started to report disconnecting the VPN during the day, BUT also the need for MFA PIN to be entered multiple times a day. For example…
  • IPSec (Using NAT) add multiple local network

    Hello, We have created the IPSec tunnel (uses NAT) to application provider dc. Internal network is translated to NAT IP (provided by application provider). Tunnel is working. Now, we have to add SSL vpn remote access network to that IPSec tunnel…
  • VPN Ipsec Site-to-site

    Hi. I have a site-to-site IPsec tunnel with my branch. The tunnel is connected on both sides. I have two rules created, an Inbound and an Outbound rule. The inbound rule works perfectly, all clients on the branch network can connect to my servers, but the…
  • Read IPSec Connection Status via API

    Hello, I was able to activate/deactivate an IPSec Connection via API (see the following thread: "Activate and deactivate IPsec connection via CLI"). What I am not able to do is to read the actual status of the IPSec Connection. I was able to read out the…
  • WAF for Web-Server behind IPsec-Connection

    Hello, I have the problem with an XGS 107 (19.5.2-B624) that a web server (10.203.111.101), which is located behind an IPsec connection, is not reachable via the WAF. When accessing the web server via the Internet, I get the code 503. However, the problem…
  • Devices behind RED20 can not Access Server within Site 2 Site VPN connected by XG

    Hi friends, today I'm facing a fancy issue with one of our smaller customers. We try to connect to an RDP-Server within a Site2Site VPN. From XG LAN we are able to connect to the RDP-Server with any client within the LAN-Zone. Now we need to get…
  • Sophos Firewall: Configure a Site-to-site IPsec VPN connection between Sophos Firewall and UTM using a preshared key

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. …
  • Sophos Firewall Authentication to server in Azure across VPN Tunnel

    I recently worked through a problem where an on premise firewall was unable to authenticate Remote Access VPN users with Active Directory as the server is hosted in Azure through a VPN (Active Directory is used instead of AAD as it's less expensive to…
  • Sophos v19 Site To Site VPN Multiple Wan Routing Problem

    Hello everyone, after migrating to version 19, we wanted to remove the migrated rules and rewrite the whole configuration. However, we ran into some problems with the reconfiguration. We have 2 WAN internet interfaces and do not do load balancing or…
  • RED to Branch Office via Site to Site VPN

    Hi, Having a problem trying to get RED traffic passing over a Site-to-Site VPN to branch offices. RED connected to Head Office. Site-to-Site VPN configured and pushed by Central to Head Office and Branch Office. The branch office subnets…