Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Sophos Firewall: Policy-Based IPsec with Oracle Cloud Infrastructure(OCI)

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Note: The following KB is an updated version of the Sophos Firewall…
  • XGS IPSec S2S Azure and isolating a shared MAC Mini with SSL VPN Contractor

    Hello all, Network (kinda) and XGS newb is back with another question. I'm pretty sure the answer is going to be a "yes/no and you're just missing this little step to get it done". I've included a summarizing picture. Presently working: We have an…
  • SSL VPN Performance is horrible using TCP or UDP

    We have 2 XG330 in HA, a 300Mbit connection and are using the SFOS 20.0.0 GA-Build222 firmware with Sophos Connect. Using the SSL VPN with UDP we are seeing speeds of 3.6Mbit down and 6.9Mbit up. The Client has 100Mbit. I've read a lot of different…
  • Possible bug: Issue in site to site VPN ipsec changing WAN interface

    Hello, I have an issue with site to site vpn IPSec. I suppose it is a bug. Scenario: You have 1 WAN port (port 2) You have some created site to site VPN IPSEC (initiate the connection type) Follow these steps to reproduce the issue: - Configure…
  • Remote Access SSL VPN Static IP address results in route issues

    Hello there I'm using version XGS2100 (SFOS 20.0.0 GA-Build222) and getting an error in SSL VPN Static IP When I use static IP for VPN user, the firewall cannot connect to the static ip of vpn user When i have the static IP Address disabled in my…
  • Erneuerung SSL Zertifikat für VPN?

    Wir verwenden im Unternehmen die Sophos Firewall und das Sophos Connect für den VPN-Zugang. Demnächst läuft eines unserer SSL-Zertifikate aus. Da ich noch recht unerfahren im Umgang mit Sophos bin, wollte ich nun wissen, ob das Auswirkungen auf unsere…
  • Sophos Connect 2.2 scx file gateway_order not working

    I have a Sophos that has a publicly accessible IP address which I will call 47.x.x.x, and this same IP is also publicly reachable via DNS name which I will call myhost.com. I have IPsec set up and working on my Sophos v20 firewall. I have Sophos Client…
  • SSL VPN Sophos Connect failed

    We created SSL VPN from Sophos firewall But still connection from sophos connect not stablished, the indication error displayed by this message " DNS Resolution failed for gateway : Firewall DNS Name
  • Sophos 20 RED - power failure and quarantine (lockout)

    Hello! Power outage for a few days and now 20 RED locked or quarantined. How can I unlock it? And how (I need exact instructions)?
  • IPSec VPN access

    I'm using the Home Firewall 20.0. I configured IPSec VPN using the Sophos instructional video. I used the default profile. I'm on the road, and trying to connect to devices on my home LAN, via the VPN. Let's call the LAN subnet X.X.X.0/24. The Sophos…
  • Multicast Forwarding issues

    We have recently set up Multicast forwarding between our main office and a remote location via a site-to-site vpn. The Multicast forwarding is working from the remote location back to the main office, however, the system we need to multicast in the…
  • Multicast Traffic Forwarding over IPSec vpn

    We are trying to forward multicast traffic for 239.1.1.2 between our Main Site to one of our remote sites via a Site-to-Site IPSec VPN connection. I have following the instructions here: https://support.sophos.com/support/s/article/KB-000038580?language…
  • SSLVPN Certificate renewals require re-download?

    I'm aware of the KB that states when it is required to re-download the SSLVPN configuration when changing global settings but it doesn't specify the certificate as one of these things. So what happens if you renew an active certificate before it expires…
  • IPSec tunnel interface for same interface WAN and remote adress 0.0.0.0

    Hello, Is there a way to configure a VPN tunnel interface scenario, using the same WAN interface to receive the connection from remote points? In this case, I have only 1 internet link on site A with a fixed IP, and I have several remote branches…
  • IPSEC XG Failover

    Hello, We have set up an IPSEC connection and want to set up a failover. We have checked the connection of the backup IPSEC connection and the tunnel could also be established. However, if we use the IPSEC connection in a failover group as backup IPSEC…
  • Sophos SSL VPN with Sophos Connect with MAC (arm M1 M2 M3 architecture)

    Hi, we cant geht Sophos Connect Software on a MacBook Pro 2021 macOS 14.4.1 (with M1 Chip) imorting the SSL VPN .opnv Files Error: can't parse the file we tryed to change the Config removing: comp-lzo yes adding: compress lzo according…
  • Sophos Connect SSL warning message

    This message pops up when I try to connect. We have other people using the same setup without issue. Is there something wrong with my config file? It does connect, but it needs to be secure. My Config file looks like this: [ { "gateway": "REDACTED…
  • NOT RECEIVING THE INCOMING TRAFFIC FROM VPN TUNNEL

    Hello guys, I really need your help i am facing the challenge since am not receiving the traffic from remote machine i have attached the captured traffic and denied logs from the specific machine....i can reach the remote machine by ping and telnet…
  • IPSec to Azure

    Hello! We are an MSP with about 20 clients that have servers hosted in Azure. These 20 clients have various hardware models of Sophos XG and XGS firewalls with various steps of firmware from 19.5.3 to 20.0.22. Those firewalls have an IPSec site to site…
  • LLMNR disabled

    Hello, regarding to this post: LLMNR disabled - DNS resolution no longer works over VPN when will version 2.3 of sophos connect be published? kind regards
  • Enable SSL VPN and Internal Exposted Host

    Hi, I have an internal IP exposted to the public IP and this also works like it should. External traffic is translated to that host and you can access that host from the Internet. Now I wanted to add a SSL VPN Connection, made a firewall rule, a policy…
  • Access RED LAN network from local LAN (RED WAN TO RED LAN)

    I have a customer that uses SOPHOS FIREWALL and have connected a bunch of RED 15 and RED 20 devices. And for my customers end users they usualy connect to their RED device using SOPHOS CONNECTS . But mor and more often , they ask if it is possible for…
  • IPsec Remote Access VPN - Force specific traffic through VPN

    I reviewed this : Force specific websites through VPN tunnel? This works for SSL VPN. However adding a host IP under IPsec Remote Access does nothing. Also cannot add an FQDN host under IPsec Remote Access under v20. Is there any way to get this…
  • Can't access Admin GUI unless I SSH first

    I have two home deployments of Sophos Firewall v20, one at home and one at a family vacation home. I've set up VPN, routes, and rules between without issue. But the strangest issue that I can't seem to resolve is that with the vacation home the Admin…
  • IPSec Site-to-Site VPN Local Subnet Becomes Unreachable due to Inactivity

    Hello, I'm experiencing the exactly same problem as the guy in this (sadly locked) thread: IPSec Site-to-Site VPN Local Subnet Becomes Unreachable due to Inactivity As the thread ends with him contacting the support and no real solution, I was…