Browse By Tags

  • Clientloser Zugriff - Mouse Courser nur ein X

    Hallo zusammen, bei unserem XGS "Clientloser-Zugriff" ist der Mouse Course auf dem RDP Server nur ein X. Insbesondere für ältere Anwender ist das Kreuzchen sehr schlecht sichtbar. Gibt es eine Möglichkeit das umzustellen? Das Thema wurde auch hier…
  • DNS Resolution Issues with Sophos Connect

    Recently, I had a problem with a client and their VPN. I noticed that when connecting to the VPN using Sophos Connect, all the DNS requests I make are resolved by the XG. In other words, when I run an nslookup google.com while connected to the VPN, the…
  • DNS resolution over VPN issue when LLMNR is disabled - Sophos Conect 2.3

    I have the same problem as described in the following post: RE: LLMNR disabled - DNS resolution no longer works over VPN I have now updated to 20v1 MR1 and installed the current Connect Client. Unfortunately, the error is still not fixed with Sophos…
  • Sophos Connect client looses profile when changing network

    We are experiencing a very strange effect with the Sophos Connect 2.2.90 client We use SSL VPN connections for users. Users load the profile from the user portal and import it into the client. The connection works fine, but when the user switches networks…
  • Sophos Connect Client GPO Installation

    I want to deploy Sophos Connect 2.3 to a group of computers before we install the firewall at the site and push the provisioning file. File is easy, but the GPO to install the Connect Client, while applied to the computer, never installs. We have a company…
  • Sophos Connect updates

    Hello, everyone. I would like to hear from you about your experience. Thank you in advance. Sophos version: 19.5.4 I have two questions. First (1) - Our company is going through a name (identity) transition. We are no longer called XYZ but ABC. Our provisioning…
  • Sophos Connect - Sophos TAP Adapter unidentified network

    Every time I wanted to connect to a VPN via Sophos connect the connection was established for the first time but then the Sophos TAP Adapter card displayed unidentified network, The temporary solution is to deactivate/activate the card to be able to connect…
  • Built-In Windows IPSEC VPN

    Good morning! I try to set up IPSEC with DN Match policy through Windows 11 built-In VPN. I configured it on the UTM and on the client, but no connection request is incoming on the UTM, I'm a bit confused. Checked the firewall and the IPSEC logs, but…
  • SSL VPN (TCP) Static IP Address issues

    Hello, I am experiencing the issues listed in NC-120119 when I am using TCP mode for my SSL VPNs. I have a select number of users who I required to get a static IP address, however when they are connected, if they change network type and it tries…
  • Sophos XGS site-to-site SSL VPN static IP address for client

    Hello, I have Sophos XG 2300 with firmware 19.5.3 MR-3. I'm trying to set a static IP address for a site-to-site SSL VPN client. Is there any way to achieve this? Whatever I do it keeps getting leased IP address from Global DHCP pool or the VPN…
  • Sophos Connect VPN password expired... not using AD for authentication

    Hello, we have a single remote user at our organization using the Remote SSL VPN group. We do not use AD to sync passwords or anything. they are just set by the Admin. He emailed me today saying that his password expired, and he can log-in to the VPN…
  • Sophos SSL VPN Auto Connect

    Hi, One of our customer has Sophos SSL VPN in Sophos XGS Firewall and they are dialing through Sophos Connect Client. Now, they want to auto connect in Windows 11 Pro, when the Laptop power on.. I have gone through some articles and i couldn't get any…
  • Unable to access remote access VPN L2TP Client from main office

    Hi I am trying to ping/RDP L2TP client from Main office but unable to access but through L2TP client I can access my office network. Thank you Policy tester Rules and policies NAT Rule
  • Received IKE message with invalid SPI (F5D1C2B8) from the remote gateway.

    Received IKE message with invalid SPI (F5D1C2B8) from the remote gateway. Received IKE message with invalid SPI (2AE78327) from the remote gateway. What could be the issue and how to solve it?
  • Sophos Connect Setup Wizard ended prematurely

    Hello I have Paralels Windows machine on MAC and I cannot install Sophos Connect. The message is Sophos Connect Setup Wizard ended prematurely MAC OS SONOMA ver. 14.3 Paralels ver. 19.3.0(54924) Windows11 ver 22H2 Sophos Connect ver. 2.3.0 …
  • Question about Remote Desktop and SSL VPN

    So we are moving away from Citrix for our remote access. However we still need to access some applications internally. I have been working on trying to implement this using Entra App Proxy and the Web Client. This has proved to be an unsolvable nightmare…
  • Fortigate 80F v Sophos XG125 IPSec Remote Access

    With my license renewal fast approaching and my XG125 rev3 EOL I am at a cross roads as to which vendor I should move forward with. Out of pure frustration, I got my hands on a Fortigate 80F to compare SSLVPN and IPSecVPN remote access throughput. I setup…
  • Endpoint not able to browse over site to site VPN to backup target

    Hello, newbie here with Sophos. I am looking at a (new) client I have inherited who have their servers being backed up locally and then across a site to site VPN to a secondary location. There is one server on a different subnet that has never been…
  • IPSec VPN allows traffic to one subnet, but not another.

    I am trying to establish a Route based site-to-site IPSec VPN connection between two Sophos XG Firewalls (all fully up to date) - I followed this recipe . I have two subnets on the 'HeadOffice' Firewall - 192.168.22.0/24 and 192.168.23.0/24 and I have…
  • Advanced 2FA methods for Sophos UTM?

    Hi there, I'm surprised that I haven't found any other 2FA method for the Sophos UTM than the stone-age TOTP. This is very awkward, especially for users. Other manufacturers show how modern 2FA can work. You log in by entering your UN and PW and simply…
  • Site-to-Site connected but no traffic over failover GW

    Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…
  • Sophos Connect v2.3 and SFOS v20 MR1 - SSL VPN - Delayed disconnection

    Hi, With the noon version of Sophos Connect v2.3 against SFOS v20 MR1, I encountered a bug in the delayed disconnection of SSL VPN server-side (XG Sophos firewall). On the client side the connection is already in a disconnected state, but on the firewall…
  • Keep Site-to-site Tunnel Connected?

    Hey All, I've created an IPsec tunnel between my Sophos XGS unit and a Meraki with the Sophos unit initiating the connection. Traffic is passing just fine, but the location where the Sophos unit is located has somewhat spotty internet. It appears…
  • SSL VPN Certificates and .cfg

    Hey there, on old SUM Firewalls there was an SSL VPN Installer incl. configuration on Userportal. When you have installed this, you got an openvpn.cfg file and the user certificate. I have changed our Firewall to an XGS and now i need the new…
  • SSL VPN Global Settings Apply Error

    In SSL VPN Global Settings, when I try to apply, I get the error message " You must enter a network IP address." This happens even when I don't make any changes. Any idea what's going on, and how to fix it? I'm on a XG125w (SFOS 20.0.0 GA-Build222…