still no customized IPsec policies

I'm being told the new client should support customized IPsec policies. As far as I could see, that's not implemented so far.

As long as this is not possible, the connection will still be terminated after 4 hours if the user does not re-authenticate with OTP, because there is no way to change the Rekey time for IKE. Would that be possible in the near future?

  • Had this problem too, was told by support that you could extend it to up to 24 hours by following these steps.

    ikekeylife is in seconds.

    NOTE: this is on an XG, no idea about the other product lines. I also have no idea if the policyid=5 is specific to our environment or not.

    1. Disable Sophos Connect VPN
    2. Log in to Advanced CLI on the firewall
    3. Run this command
      1. psql -U nobody -d corporate -c "update tblvpnpolicy set ikekeylife=86400 where policyid=5;"
      2. should output "UPDATE 1"
    4. Enable Sophos Connect VPN
    5. Download the new configuration for the client.

    86400 = 24 hours.

    So, just saying there is a LITTLE flexibility.

  • Dan Kahle said:

    psql -U nobody -d corporate -c "update tblvpnpolicy set ikekeylife=86400 where policyid=5;"

    Hey, thanks for sharing this information with us.

    One question: is "tblvpnpolicy" a value specific to your environment?


    Regards,
    Jonny
