Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • IPSec VPN allows traffic to one subnet, but not another.

    I am trying to establish a Route based site-to-site IPSec VPN connection between two Sophos XG Firewalls (all fully up to date) - I followed this recipe . I have two subnets on the 'HeadOffice' Firewall - 192.168.22.0/24 and 192.168.23.0/24 and I have…
  • Site-to-Site connected but no traffic over failover GW

    Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…
  • Sophos Connect v2.3 and SFOS v20 MR1 - SSL VPN - Delayed disconnection

    Hi, With the noon version of Sophos Connect v2.3 against SFOS v20 MR1, I encountered a bug in the delayed disconnection of SSL VPN server-side (XG Sophos firewall). On the client side the connection is already in a disconnected state, but on the firewall…
  • Keep Site-to-site Tunnel Connected?

    Hey All, I've created an IPsec tunnel between my Sophos XGS unit and a Meraki with the Sophos unit initiating the connection. Traffic is passing just fine, but the location where the Sophos unit is located has somewhat spotty internet. It appears…
  • SSL VPN Certificates and .cfg

    Hey there, on old SUM Firewalls there was an SSL VPN Installer incl. configuration on Userportal. When you have installed this, you got an openvpn.cfg file and the user certificate. I have changed our Firewall to an XGS and now i need the new…
  • SSL VPN Global Settings Apply Error

    In SSL VPN Global Settings, when I try to apply, I get the error message " You must enter a network IP address." This happens even when I don't make any changes. Any idea what's going on, and how to fix it? I'm on a XG125w (SFOS 20.0.0 GA-Build222…
  • Device on BO side of IPSec Site-to-site unable to ping HO side

    I have a scenario and trying to set something up for the interim. In essence, the requirement is to get an APP server at location A to connect to DB server in location B. The main issue with this is that both locations have the same subnet (E.g 172…
  • IPad via Remote VPN verbinden

    Moin, ich habe da mal eine Frage bzgl dem Zugang via Remote VPN in das eigene Firmennetzwerk sich per VPN zu verbinden mit einem IPad. Leider hat der Kunde noch eine Sophos XG86w Firerwall und die anderen Clients (Laptop mit Windows 10) konnecten…
  • SSL VPN Disconnection

    Hi, in my company users are using Sophos SSL VPN. The Sophos Connect is updated to version 2.3.0506 and the type of VPN is SSL/TCP. All users report frequent disconnections when using VPN, and there was the problem also with older client versions…
  • Comments in SCX files

    Hi all, When editing an SCX file for Sophos XG / Connect VPN, is there a way that you can add comments into the file for information, i.e. in a split tunnel config, can we make a note of what the network address / range relates to? Current config…
  • Sophos SD-RED 20 and 4g LTE Gateway

    Hello - I've been searching the community for something like this but have mostly found people talking about the 4g module for the SDRED or using a USB stick LTE connection. If we buy a 4g LTE router or modem that has an ethernet port for device connectivity…
  • SSL/TLS inspection für SSL-VPN-Verbindungen

    Hallo ihr lieben, unsere Familie ist ein bisschen verstreut unterwegs, aber alle greifen auf Zuhause zu. Das klappt hervorragend und fast so, wie ich und wir es mir wünschen. Ich habe eine Catch All-Regel für die SSL/TLS Inspection hinterlegt und…
  • Sophos SSL-VPN Benutzer Report

    Hallo zusammen, da wir eine Auswertung der HO-Tage unserer Mitarbeiter benötigen und diese das leider nicht zuverlässig eintragen, möchte ich die VPN-Nutzung der Mitarbeiter auswerten. Dazu habe ich bereits einen scheduled Report in der Sophos für jeden…
  • Failed to install Sophos Connect 2.3.0

    Hi Guys, I need help with this issue, have tired a few times to install Sophos Connect failed giving me error msg: Service 'OpenVPN Service' (OpenVPNServiceInteractive) failed to start. Verify that you have sufficient privileges to start system services…
  • SD-RED load balancing and routing

    Hello, We have deployed Sophos SD-RED 60 to our Office 4. This RED is currently connecting to Office 1. We have established SSL VPN tunnel between Office 1 and Office 2 where Office 1 is acting as server and pushing networks deployed at Office 4 as…
  • Site-to-site IPsec VPN with Mikrotik and Overlapping network

    Hi everyone, I'm having difficulty getting site to site IPsec to work properly with a Mikrotik device. Both LANs use the same class 192.168.99.0/24 and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https:/…
  • Sophos Connect Installation

    Hello All, Recently we are facing issue while installing sophos connect attached snip for your reference .please verify it and provide solution and help me to resolve this issue. Thanks in advance.
  • Sophos Connect 2.3 with disabled IPv6 component

    - upgraded our Windows Connect Clients from 2.2.9 to 2.3 - when now connecting with SSL VPN: The client is connected (all is working) but the state in Sophos Connect will not switch to connected and stays in "is connecting"... -> not possible to disconnect…
  • SSL VPN no Internet access

    I have set up a SSL VPN connection in SOHPOS Firewall v20 Build 222. I can access local services and machines no problems there, but I cant get internet access. When I ping external sources no packages comes through, however domain names are resolved…
  • Sophos XGS IPSEC site-to-site connection

    Hello, We are trying to establish an IPSEC VPN connection between 2 XGs Firewall. There is a Fritzbox behind the firewall at both locations. We have already tested many different settings and policies but keep getting the following error message: …
  • Fluctuating WAN IP with Dynamic DNS in Sophos Gateway Firewalls

    I was seeking a solution for an issue encountered with my client’s Sophos Gateway Firewall (Site-to-Site IPsec VPN Setup), which was due to the ISP’s PPPoE Service causing frequent changes in the WAN Interface IP. I’ve learned that Dynamic DNS could…
  • Dynamic WAN IP With IPSec Site to Site

    The client has a Sophos XGS107 in the branch office and an XGS2100 in the head office. We have site-to-site IPSec with PSK with HO to 2 BO. Due to the PPPoE WAN IP provided by the ISP, the firewall’s WAN interface IP changes frequently. We face a challenge…
  • IPSec site-to-site with login/password authentication

    Hi, I'm trying to set up an IPSec VPN on a Sophos XG to connect as site-to-site to an internet box that serves as a IPSec (IKEv2) VPN server. When configuring a new VPN user, the box only gives username/password and VPN server address. Is it possible…
  • Country Restriction vpn ssl

    I have configured an SSL VPN to which I want to apply a restriction so that it only allows connections from Colombia, I have created the ACL allowing "Colombia" in the Source and selected the User Portal and SSL VPN services, after this I have disabled…
  • Sophos Firewall: Policy-Based IPsec with Oracle Cloud Infrastructure(OCI)

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Note: The following KB is an updated version of the Sophos Firewall…