Hello, I found a solution where IPSec networks are distributed via OSPF and would like to know if this is correct? Can I use this in a productive environment? 1. SSH -> 4. Device Console 2. system ipsec_route add net 192.168.123.0/255.255.255.0 tunnelname…

DHCP requests not routing over IPSEC This has nothing to do with v21.0. It is possible in v18.0. You just have to run a whole stack of CLI commands because the GUI is inadequate. A post by a Sophos staff member to a closed thread which no-one…

Hello there, I have 2 Sophos Firewall connecting to Networks with IPSeC Site-to-Site VPN 1 Public IP for each network. XGS107 ( SFOS 19.5.3 MR-3-Build652) XG135 ( SFOS 18.5.2 MR-2-Build380) Network A 192.168.1.0/24 IPSeC gateway 172.16.21…

Is there any way to use SNMP to monitor traffic flow through an IPsec tunnel? I'm successfully capturing port traffic with SNMP but would also like to capture the traffic between our two sites via an IPsec tunnel.

Hello I recently upgraded my Sophos XG 2300 to SFOS v20 which is in Head Office, where I am running site to site vpn: IPsec tunnels to 6 branch offices and IPsec Profile is set to Head Office, policy based for all IPsec Tunnels on Head Office firewall…

I have a DHCP server running at head office on 192.168.100.21 which is a Windows Server that has a Sophos as it's gateway The branch office has a Sophos There is an IPSEC tunnel between the two Sophos units The branch office has a DHCP relay pointing…

We have a configuration with out 30 tunnel interfaces to remote workers. These use static routes. On 5 or so of these configurations when the VPN tunnel reconnects the main firewall loses the routes. They still exist in the GUI, but in the CLI they are…

Hi, maybe a dumb question but what does the command really do? Maybe it is because of my special setup with the BO firewall tunneling all traffic to the HO firewall. But as far as I understood the - very well hidden - comparison whenever I want to do…

Hello, I need someone to help me across the road: I have a IPSec Tunnel (networks are just examples): Local network 192.168.100.0 /24 <-> Remote network 192.168.200.0 /24 I have also additional local networks: 192.168.1.0 /24 192.168.2.0 /24 192.168.3…

Hello, I got a IPSEC VPN from my sophos xg to remote firewall. Many subnet from my side are nated dynamiclaly with 172.30.10.0/24 to reach different subnet on the other side. Like (192.168.1.0/24 , 192.168.2.0/24 ...are nated with 172.30.10.0/24…

Hi, Encountering a weird error when trying to attempt using a server for DNS forwarding. We have a few branch offices - each connecting to DC via IPSEC (Connection Type: Site-to-Site / IKEv2) - with the DNS Forwadering Host in the DC. Now here's…

Hello All, We have a site that has a FortiGate firewall at the main site and several old watchguard firewalls at remote site. We need to replace one on the firewalls at a remote site, hoping to replace all later, with a new XGS3100. Due to the current…

Hi zusammen, seit genau einem Monat haben wir eine XGS 2300 im Einsatz und haben derzeit Probleme mit den NAT Regeln. Hier brauche ich einen Denkanstoß oder Hinweise an welcher Stelle es klemmen könnte. Kurz zum Aufbau. Wir haben einen IPsec Tunnel mit…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview What to do How-To Translation…

Hi, I am currently changing our IPSEC VPNs from Cisco ASA to Sophos XGS, but now I am experiencing a strange behaviour regarding the routing. Route-precedence is VPN-Static-SD-WAN. Currently the ASA is handling the IPSEC tunnels so I created 3 static…

problem description see here: DHCP Relay over Routing-Based IPsec in SFOS 19 not workin I guess there are no plans to "add this feature" in future? Documentation is missleading: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp…

Hello Dear Partners! I configured an SD-WAN Scenario with Two VPN Tunnels and then created an SD-WAN Profiles. as the image below: I did the following Test I dropped the Main Link VPN_MTZ_1 and Sophos Quickly switched the Route to the Backup…

Hello! So I'm trying to get a tricky NAT over IPSec tunnel set up based on the requirements from a vendor of ours. They only want to see traffic from and going to the following subnets: 1.1.2.192/28 1.1.4.48/28 1.1.8.48/28 So they want our internal private…

Dear sir, I hope you are doing well, Kindly sir i am facing issue in voice traffic send through IP Sec VPN tunnel. I have XG 210 in the head office and 116 XGS in the branch the IPsec VPN is active and i can ping all server and devices but…

I have a Data Center network that connect to 3rd party server network using site-site ipsec and all the vm in my data center knows how to get to the 3rd party servers. tunnel established Also have my HQ network and two branches network connected to…

Hello, I have bought my first Sophos Firewall and I need some help. Setup: Port1: LAN - 172.16.0.1/23 Port2: WAN - Public IP (PPPoE) Port3: LAN - 192.168.1.1/24 Site-to-Site IPsec tunnel: Port1 172.16.0.1 (local site) - 192.168.0.1/22 (remote…

We have several IPSec Tunnel Interface tunnels VPNs with 3rd party where we provide a DNAT IP range. Recently we added a new VPN whose network overlaps with an existing VPN so we need to not only DNAT but also SNAT so that routing works properly and…

I have two different VLANs on my LAN (192.168.1.0/24 and 172.16.1.0/24) I have two IPSec tunnels both which have a destination subnet of 10.10.1.0/24 (this cannot be changed as it's a third party connection which uses public DNS records so cannot use…

HI All Right now we implement MPLS with VPN as backup base on KB-000035833 document. Our MPLS connect with multiple site also VPN Tunnel connect to multiple tunnel to backup MPLS. As per document we need to add system link_failover add primarylink…

Hello, I have this situation: Our network: ip 10.10.10.0/24 External parter A: ip 10.20.20.0/24 (managed on another firewall different from Sophos) External Partnet B: ip 10.20.20.0/24 (same ip of partner A). I have a vpn working with B and I…