still no customized IPsec policy's

I'm being told the new client should support customized IPsec policy's. As far as I could see that's not implemented so far.

As long as this is not possible connection will still be terminated after 4 hour's if user does not re-authenticate with OTP because there is no way the change Rekey time for IKE. Would that be possible in the near future?

Parents
  • Had this problem too, was told by support that you could extend it to up to 24 hours by following these steps.

    ikekeylife is in seconds.

    NOTE: this is on a XG, no idea about the other product lines. I also have no idea if the policyid=5 is specific to our environment or not.

    1. Disable Sophos Connect VPN
    2. Login to Advanced CLI on the firewall
    3. Run this command
      1. psql -U nobody -d corporate -c "update tblvpnpolicy set ikekeylife=86400 where policyid=5;"
      2. should output "UPDATE 1"
    4. Enable Sophos Connect VPN
    5. Download the new configuration for the client.

     

    86400 = 24 hours. 

    So, just saying there is a LITTLE flexibility.

  • Be careful. Actually you are changing configuration things within the database of XG. That could lead to unwanted behavior. 

    __________________________________________________________________________________________________________________

Reply Children