Hi all, I was hoping I can seek some guidance on this forum. Currently, we are using our Sophos XG Firewall to connect to our network on Azure using an IPSec VPN Tunnel. We do have two ISP running in our building one being main and other being backup…

Bei einem Kunden wird aktuell über die SG330 eine VPN IPSec v1 zum vTK Server der Telekom aufgebaut. Weil diese in Zukunft nur noch per IPSec v2 aufgebaut werden kann und die SG330 dies nicht anbietet, wollen wir die VPN Verbindung über den Lancom aufbauen…

I am having issues configuring a connection between two Sophos firewalls and i am hoping someone can help. The firewalls are installed in two datacenters which are operated by the same provider, both sites are currently configured with a WAN/internet…

I have an IPSec connection that I would like to start the connection via Console. Which commands do I need for this? I am referring to the second button that can be found next to Activate connection in the SFOS web interface.

Hi, I need help connecting the headquarters containing device ruijie rg-nbr6210-e and the branch containing device SOPHOS. I have made all the required settings, but there is no connection to find out more. I am at your disposal. Thank you.

We have multiple site to site VPNs setup with connection type 'Tunnel Interface'. The VPN links connect multiple remote subnets. How does XG pick a source IP because it seems to be random and can change when we re-establish a connection. This causes issues…

I have a Route based VPN from SOPHOS to SOPHOS. I need to create a loopback to allow a connection back to a server. I am not able to find any information regarding this. In fact from what I can see I am not sure I can even do this with a normal IPSEC…

Hello everyone, We are accessing a customer appliance via IPSEC-S2S VPN. Access is made to an IP that is NATed in the tunnel on the customer side and translated in the IPSec config on the customer side. Nothing special, has always worked. In addition…

Received IKE message with invalid SPI (F5D1C2B8) from the remote gateway. Received IKE message with invalid SPI (2AE78327) from the remote gateway. What could be the issue and how to solve it?

With my license renewal fast approaching and my XG125 rev3 EOL I am at a cross roads as to which vendor I should move forward with. Out of pure frustration, I got my hands on a Fortigate 80F to compare SSLVPN and IPSecVPN remote access throughput. I setup…

Hello, newbie here with Sophos. I am looking at a (new) client I have inherited who have their servers being backed up locally and then across a site to site VPN to a secondary location. There is one server on a different subnet that has never been…

I am trying to establish a Route based site-to-site IPSec VPN connection between two Sophos XG Firewalls (all fully up to date) - I followed this recipe . I have two subnets on the 'HeadOffice' Firewall - 192.168.22.0/24 and 192.168.23.0/24 and I have…

Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…

Hey All, I've created an IPsec tunnel between my Sophos XGS unit and a Meraki with the Sophos unit initiating the connection. Traffic is passing just fine, but the location where the Sophos unit is located has somewhat spotty internet. It appears…

Hey everybody, i have a strange Problem. I have Firewall on Main Office and a Firewall in Azure (Both with Firmware SFOS 19.5.3) I have a working VPN and everything seems to be fine. But i cant access the Main Offices Web GUI or SSH CLI from…

I have a scenario and trying to set something up for the interim. In essence, the requirement is to get an APP server at location A to connect to DB server in location B. The main issue with this is that both locations have the same subnet (E.g 172…

Moin, ich habe da mal eine Frage bzgl dem Zugang via Remote VPN in das eigene Firmennetzwerk sich per VPN zu verbinden mit einem IPad. Leider hat der Kunde noch eine Sophos XG86w Firerwall und die anderen Clients (Laptop mit Windows 10) konnecten…

Hi everyone, I'm having difficulty getting site to site IPsec to work properly with a Mikrotik device. Both LANs use the same class 192.168.99.0/24 and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https:/…

Hello, We are trying to establish an IPSEC VPN connection between 2 XGs Firewall. There is a Fritzbox behind the firewall at both locations. We have already tested many different settings and policies but keep getting the following error message: …

I was seeking a solution for an issue encountered with my client’s Sophos Gateway Firewall (Site-to-Site IPsec VPN Setup), which was due to the ISP’s PPPoE Service causing frequent changes in the WAN Interface IP. I’ve learned that Dynamic DNS could…

The client has a Sophos XGS107 in the branch office and an XGS2100 in the head office. We have site-to-site IPSec with PSK with HO to 2 BO. Due to the PPPoE WAN IP provided by the ISP, the firewall’s WAN interface IP changes frequently. We face a challenge…

Hi, I'm trying to set up an IPSec VPN on a Sophos XG to connect as site-to-site to an internet box that serves as a IPSec (IKEv2) VPN server. When configuring a new VPN user, the box only gives username/password and VPN server address. Is it possible…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Note: The following KB is an updated version of the Sophos Firewall…

Hello all, Network (kinda) and XGS newb is back with another question. I'm pretty sure the answer is going to be a "yes/no and you're just missing this little step to get it done". I've included a summarizing picture. Presently working: We have an…

Hello, I have an issue with site to site vpn IPSec. I suppose it is a bug. Scenario: You have 1 WAN port (port 2) You have some created site to site VPN IPSEC (initiate the connection type) Follow these steps to reproduce the issue: - Configure…