VPN Menu Missing from User Portal
Hi there, I am using a Sophos XG 115 firewall. Yesterday the VPN stopped functioning after I installed the most recent firmware version MR-2-Build378 (20.0.2), and the VPN menu vanished from the user interface. I am able to download the Sophos Connect…
How to make comply for PCI DSS SCan
Afternoon
I have a customer failing PCI DSS with the below. obviously all address the application ports, but how do I get on with the exposed SSL VPN ? (port 444)
router = XGS2100 (SFOS 20.0.1 MR-1-Build342)
any pointers please?
sophos xg125 vpn client with smartcard authentication
Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
XGS - SSL VPN connection duration
Sophos XGS (SFOS 20.0.1 MR-1-Build342)
Is it possible to know the total time user has been connected to the vpn as I can only get the authentication and data transferred.
VPN config broken, no server_dn is NULL in SQL after restore
I had to restore my firewall from a backup, and now I can't download SSL VPN config from the portal anymore.
Checking the log I get the following error:
/home/jenkins/root/workspace/OmC/CI_64/build_dir/target-x86_64_glibc/vpnportal-1/internal/vpndownload…
XGS4500 (SFOS 20.0.2 MR-2-Build378) after Firmware update from 20GA to MR2 stays dead
Hello Sophos Community,
we just updated two XGS4500 (in HA) to 20 MR2 and now the SSLVPN stays dead:
After checking the admin interfance I logged into the shell: I used the command: service sslvpn:restart -ds nosync
503 Service Failed
We don't…
XGS3300 MFA for SSL VPN
Hey,
is there a possibility to set up MFA for SSL VPN on the XGS 3300?
Maybe even a SAML authentication with the MS authenticator?
Can't find any infos on that in the documentation, neither can i find an optiuon the the admin panel.
Can anyone…
SFOS 20.0.2 SSL VPN connection problem only on work laptop
Hey everyone,
I was recently given a SG115 firewall to mess around with and installed SFOS on it. While learning how to use it I've setup an SSL VPN connection that works on every computer except for my work laptop, which oddly enough is able to connect…
Route aus VPN wieder zurück auf das LAN ändern
Hallo,
ich hatte den Datenverkehr zum Sophos-Support (eu2.apu.sophos.com) durch einen Site-to-Site SSL VPN Tunnel zu einer anderen Sophos geschickt, da der Zugang dierekt über WAN gesperrt war. Nun sollte dieser Zugang über WAN freigeschaltet sein.…
OTP Issues with several users
Hello, sice some days we have the problem that with some users (will be more and more) OTP auth is failing: -> oath_totp_validate() failed for tokenid xxxxxxxxxxxxxxxxxxxxxx with error The OTP is not valid - OTP was working fine all the time before issues…
Established sSite to Site SSL VPN, Voip phones only working partially
Hello - I have an XGS 2100 at HQ. We were using a RED device to connect the branch office Phone and LAN traffic via VPN to the HQ PBX/LAN and everything worked fine. Given the rollout of the latest OS, the RED is no longer compatible, so we are attempting…
Using SG Firewall as a RED device
Hello,
can you continue to use the SGs at the secondary locations as RED devices with an XGS or should you switch to an SD-RED 20 or SD-RED 60?
Thank you very much
Sophos Connect 8 hour disconnect
We have a XGS210 using Sophos Connect and SSL VPN. After 8 hours users are getting disconnected. There has to be an authentication time out that is set for 28,800 seconds but I can't find it. Can someone point me in the right direction? I'd like to increase…
.ovpn Pfadangaben unter Windows
Hi Leute, ich habe ein kleines Problem bei der Einrichtung einer VPN Verbindung. Ich habe vom VPN Anbieter eine .ovpn Datei sowie ein Zertifikat im .p12 Format und eine .key Datei erhalten. Alles drei residiert im Dokumentenverzeichnis in einem Unterverzeichnis…
Can't contact local DNS from SSL VPN (with 2 WAN)
Hello,
I'm not an expert (for the moment) on Sophos.
For a customer that has an XG Firewall, he asked to configure a SSL VPN connection. As I already done this some years ago on a privous Sophos Router, it should be possible ;-)
But the LAN/WAN…
Unable to Reach RED hosts from Remote SSLVPN - Urgent help needed
HI - Time sensitive here, back against the wall (will pay outside consultant if needed). Sophos Partner, long out of the loop. I have (2) REDS. Both are reachable from main XG network. I am unable to reach the RED hosts from the SSL VPN.
REDS are in…
SSL VPN: Profile Disappears When Switching User Session
Table Of Contents:
- Overview
- Steps to Reproduce
- Workaround
When users switch sessions on the same computer, the imported configuration profile disappears (NCL-1621). This is currently observed under Windows 10/11 OS using Local or AD account…
Changing Active Directory server when using SSL VPN authentication
Hi, I've got a question about AD/LDAPS integration. Here's a quick rundown of the situation:
-I have a client with an XGS116 (SFOS 19.5.2 MR-2-Build624). -Employees are currently using the Remote access SSL VPN to log into an RDS server with the Sophos…
CVE-2020-20813
Hello, I verified that my Sophos XGS SFOS 20.0.0 GA-Build222 has OpenVPN 2.4.7 which is vulnerable to CVE-2020-20813 which according to NIST has a high level. As I use SSL VPN for remote access, I need to know if my firewall is vulnerable.
Best Regards…
SSL VPN: Remote Access Static IP with UDP Second Attempt Of Tunnel Fails
Table of Contents:
- Overview
- Configuration on Sophos Firewall
- Workaround
- Testing
- Related Information
Overview:
SSLVPN Remote Access Static IP with UDP, 2nd attempt of tunnel establishment auth_fails as ip address is not released when previous tunnel…
SSL VPN Pattern upgrade to 17.5.15
Dear Support,
If having XG210 ( SFOS 17.5.15 MR-15 ) with SSL VPN pattern current version ( 1.0.008 - 05:32:30, Sep 11 2020)
Using the web interface, can a manual pattern upgrade to the version ( sslvpn_1.02_1.0.009.tar.gz.sig ) occurs without any…
Sophos XG : NET::ERR_CERT_COMMON_NAME_INVALID
HI all,
Hoping you can help.
Recently an external website we access has been updated and hosted elsewhere. Following the move we now get the following error but only when connecting via the VPN (Remote access). We can browse to the site without issue…
XGS - SSL VPN not working from neighbouring WAN IP (hosted offices)
Hi I have customer with SSL VPN working fine 99% of the time.
However users cannot connect from the same WAN subnet.
Ie say the WAN IP of the XG is 85.85.12.5/27
If a user tried to VPN from anoter network which is on the same ISP (ie 85.85.12…
Appliance Certificate
Does regenerating the Appliance Certificate affect any other access besides SSL VPN? This is my issue, we recently had our XG210 replaced and rebuilt the new unit with a backup. Prior to the firewall failure SSL VPN has been my goto setup for staff who…
Site-to-site-VPN SSL feste IP Adresse?
Hallo,
ich habe zwei Sophos-XGS per site-to-site VPN SSL gekoppelt. Die Verbindung bekommt immer eine IP-Adresse aus dem SSL- Bereich per DHCP zugewiesen.
Kann ich diese Adresse zuweisen bzw zumindest reservieren?
z.B. soll die Sophos üner diesen…