• NAT between RED20 and IPSec on XGS v20

    Heiko Dammlaks
    Hi, I need to translate packets between an IPSec and a RED 20. There is an IPSec tunnel with 172.18.10.0/24 on the remote site and 172.26.143.1/24 on the Sophos. I have a RED device with 192.168.54.1/24. I would access from REDs subnets hosts (maybe…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • NAT over IPSeC Site-to-Site VPN

    Dimitris Roubos
    Greetings fellow members, I have 2 networks with 1 sophos firewall each, network A (Public IP/80.80.80.128, Local Network/192.168.20.1/24) and network B (Local Network 192.168.10.1/24). Sophos B XGS107 ( SFOS 19.5.3 MR-3-Build652) Sophos A XG135…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • HOW TO CHECK FOR UP TIME IN IPSEC VPN TUNNEL

    eFrancis
    Hello All, The client has requested to know the uptime in the IPSEC VPN Tunnel. Sophos Model: XGS4500 Thank you
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XGS87 (SFOS 20.0.2 MR-2-Build378) VPN Routing Problem

    Help Me
    Hello, we have a problem with the routing over VPN. A user is connected to SSL VPN with the XGS. The XGS has a site to site IPsec VPN connection to resources in the cloud. A request from the user's client using SSL VPN for resources in the…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPSEC connection showing this error Couldn't authenticate the local gateway. Check the authentication settings on both devices.

    Anesu Dangarembwa
    We are trying to set up an IPSEC tunnel between a Sophos Firewall and an ISR4300. After activating, it's showing the error "Couldn't authenticate the local gateway. Check the authentication settings on both devices."
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • DHCP requests not routing over IPSEC

    Stuart James
    DHCP requests not routing over IPSEC This has nothing to do with v21.0. It is possible in v18.0. You just have to run a whole stack of CLI commands because the GUI is inadequate. A post by a Sophos staff member to a closed thread which no-one…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • WIFI "separate zone" didn't work over IPSec

    dirkkotte
    Hi all, AP configuration works. I am able to remove & add the APs. APs are recognized and shown as active. I can see the traffic between AP & XGS Port 2712. Traffic to port 8472 from firewall to AP is not answered, but I see packets from AP to APIPA…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Firewall IPsec Site2Site settings page slowdown

    Jens Frankiewicz
    Hi all, when we try to add or change a configuration on the IPsec settings page on our XG/XGS Firewalls we always have to wait for about 2 minutes for the site to load and for it to be usable. The web browser shows the message "This page is slowing…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Disconnection Ipsec with fritz

    Lorena Zandona
    After updating my XG firewall to v20, IPsec has become unstable. Random disconnections. The OpenVPN client works without issue; only IPsec has a problem. Some info: this setup worked for 2 years without a problem (another bug on v19 but fixed). Sophos firewall…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Remote IPSEC VPN Disconnections

    Alejandro Riveros
    Hello Sophos Community, Is there any documentation or procedure to troubleshoot end user disconnection from our remote access IPsec VPN? I have been looking at how to look at the firewall logs but I couldn't find anything useful.
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • IKEv1 PSK with same Gateways

    Quallensaft
    Hello @all, it is known that with IKEv1 on SFOS a new PSK overwrites all other PSKs if the gateways do not differ in the connections. Sadly I cannot use IKEv2. Is it sufficient if just the local ID is different in connections and the remote ID is ANY…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • IPSEC down/up e-mail notification every 30 minutes

    Christian Garcia N
    Good morning. I have several XG/XGS of different clients configured with IPSEC against the same central, this central uses a CISCO firewall (we do not manage it). The problem we have is that every 30 minutes we receive an email from all the XG/XGS indicating…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Multiple Gateways in Branch Office

    CreateShare
    Hi, What is the proper way to connect a branch having multiple internet gateways but the head office has only one gateway? The branch office WAN1 interface has a Real IP but WAN2 uses DDNS with a dynamic IP. Should the branch office have a failover…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Yellow Icon under IPSec Status

    CreateShare
    Hi, One of my IPsec tunnels shows a yellow icon under the status but when I click on the connection details, all subnet connections show green. Any Suggestions?
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Site-to-Site VPNs and VLANS

    Randy Cleveland
    Hi, We've run a flat lan for years at our main location. We've recently updated our network and added a few new VLANS to the mix. Now I have a problem. We have several Site-to-Site VPNs up and running that work great with our original VLAN1. However…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • IPSec site to site vpn, one tunnel goes down frequently

    Lennart Johansson
    Hi, I have a Sophos XGS107 (SFOS 20.0.1 MR-1-Build342) setup with Site to Site VPN to a Mikrotik router. There are 4 VPN tunnels (or separate address pairs). It mostly works fine, but every other day one tunnel goes down. If I check in webgui >> site…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • SD WAN config between CGW and AWS EC2 Virtual FW

    Matt Carter
    Hi all, we currently have 20 sites all using Sophos XG107 or XG 117 FW. All sites have a S2S VPN connection into AWS for SMB access. The issue we have is failover internet: if failover is required then our VPN drops due to new IP. Failover internet is…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Problem with IPSec Site2Site to VPN gateway

    SaschaK
    Hello everyone, we have equipped a medical practice with 2 sites with XGS firewalls. Both sites were connected via an IPSec Site2Site VPN. Both sites can also reach each other; that is not a problem. Site A: 192…
    • 3 months ago
    • Sophos Firewall
    • German Forum
  • IPSec Recommended Settings for Branch Office

    CreateShare
    Hi, Are there any specific IPSec Profile recommendations for connecting the branch office that does not have a static real IP Address? I am currently using the DefaultBranchOffice profile, but it disconnects automatically after some time. Thanks.
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Add subnets to NAT with policy-based IPsec when local and remote subnets are the same

    Mark Tarrant
    Hello all, I have a situation with an IPsec VPN setup between two sites that have subnets that are the same. I followed these instructions and it worked ok; NAT with route-based IPsec when local and remote subnets are the same - Sophos Firewall However…
    • Answered
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • No VLAN routing with Site2Site tunnel and bridge group in the branch office

    juergenb52
    Hello, I have two sites here that are connected via a Site2Site tunnel. HeadOffice with LAN-A and Branchoffice with LAN-B, both are connected with a tunnel, no problems. In the BranchOffice there is an XG125 ( SFOS 20.0.1 MR-1-Build342) …
    • 3 months ago
    • Sophos Firewall
    • German Forum
  • IPSEC/L2TP with Radius and CVE-2024-3596

    Dieter
    Hello, with the patch from Microsoft KB5040434 07/2024 there are problems with Radius authentication for L2TP. Without the patch, the client connection works without any problems. What can we do? Best Regards Dieter
    • Answered
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Site to site VPN to a vendor site with the same subnet at both ends

    Mark Tarrant
    Hello all, we are looking at a situation where we need to set up a site to site VPN to a vendor who is using a Fortigate gateway, and the same subnet is being used at both ends. I have reviewed the below link which covers this situation for Sophos to…
    • Answered
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • XFRM showing 'not configured' after public IP changes on spoke

    GJN
    Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS IPSEC to Fortinet Firewall

    admin_idl
    Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…
    • 3 months ago
    • Sophos Firewall
    • Discussions