I am testing a new XGS 136 (SFOS 20.0.0 GA-Build222) offsite to replace an onsite XG 135 ( SFOS 19.0.2 MR-2-Build472). The backup of the XG 135 was used to setup the XGS 136. We have never used the IPsec Site-to-Site connection before but may have a…

Hello, I'm currently managing an XGS Sophos firewall at our headquarters, and we have a dual ISP setup connecting to branch offices. Our primary ISP uses **OSPF**, while the secondary ISP relies on a **GRE tunnel. The challenge arises when I add a…

Hallo zusammen, ich habe ein Problem beim Aufbau der Side to Side VPN Verbindung (IPsec) zwischen einer Fritzbox und meiner Sophos, welche hinter einer Fritzbox hängt. Der Aufbau sieht folgendermaßen aus: Beide Fritzboxen nutzen DDNS Dienste, da…

HELLO GOOD AFTERNOON DO YOU KNOW WHY THE VPN CANNOT CONNECT AND I AM CHECKING THE RULE BUT THERE IS TRAFFIC AND THIS IS THE RULE

Hallo liebe communitytäter, Ich habe ene Frage zum IPSEC: Folgende Konfiguration: UTM direkt am Internet XGS hinter einer NAT normales DSL. Wenn auf der XGS die IP wechselt kein Problem die Verbindung bleibt bestehen. UTM Initiator XGS Responder…

I have created VPN IP Sec between Sophos xg136 and Seqrite Terminator UTM after some time vpn auto disconnted and send below log error. And manually have to conect. Couldn't parse IKE message from 47.X.X.X[38049]. Check the debug logs. Traffic…

Hello everyone, I need help setting up an IPsec VPN. My provider gave me these parameters: Remote Gateway: <public address A> Subnet: <range of public addresses B> Phase1 and Phase2 parameters that I know it have to match Firewall XGS136 I…

Hi, We are using Sophos Firewall XG310 , SFOS v20. It's been 4 month we have established Site-to-Site VPN, and today suddenly our connection is Down with many " Received IKE message with invalid SPI (D3EED417) from the remote gateway " log messages…

I am referring this post with similar issue DNS request to DNS over Site2Site VPN I have below setup XG310 -- branch office XG430 -HA -- Head office Now I got XGS2100 - 2nd branch office ( Gateway local ip: 172.16.1.100 ) XGS2100 …

For a few days now I have been attempting to get a ipsec site to site between these two firewalls and even have the pro customer support pfsense involved. All there suggestions have been unsuccessful in getting the two to talk to each other. all guides…

Hello I recently upgraded my Sophos XG 2300 to SFOS v20 which is in Head Office, where I am running site to site vpn: IPsec tunnels to 6 branch offices and IPsec Profile is set to Head Office, policy based for all IPsec Tunnels on Head Office firewall…

Hallo, wir haben eine IPSec-VPN-Verbindung zwischen Sophos und Cisco aufgebaut. Auf dem Cisco Router sollte als ID die Key ID verwendet werden: Diese Konfiguration gibt es aber auf der Sophos nicht: Die Konfigurateionen sind dann auch nicht…

Hi, I have a constellation with a site-to-site VPN between a Sophos XGS116 and a Sonicwall TZ400 at a customer's. The connection between the two devices keeps breaking down. On the Sonicwall you can also see that the VPN tunnel has been disconnected,…

Hello, I work on 2 Sophos XG on 2 different sites. They communicate with each other using a Site-to-Site IPSec VPN. Site A : Sophos-XGS 33100 (SFOS 19.5.3) Site B : Sophos-XG 330 (SFOS 19.5.3) 3 subnets of Sophos A are configured to be able…

On Sophos Firewall, if I update and regenerate the default CA, what are the implications? I have a firewall that is setup, the default CA hasn't been customised so far. I need to setup a S2S IPsec VPN with certificates and wanted to customise this before…

Hi, I have two WAN Links. Firewall rules and sd-wan routes are created. If I add a new firewall policy to allow internet for a server that is not included in the default policy, it does not work. I created a new nat policy and sd-wan rule, but it did…

Hello, I'm unable to connect a Telekom Digibox (branded Bintec Router) to a Sophos XG via IPsec VPN. charon.log of the Sophos Firewall: 2024-02-16 12:26:17Z 28[NET] <9> received packet: from <branch ip>[500] to <head ip>[500] (512 bytes) 2024-02…

We set a local ip to our branch office 13.1 to the microtik switch and configured the IP sec in sophos firewall and established the connection and connection also up. We created the policies in microtik and added the IP address. Then established the connection…

Hello, we switched from a Zyxel Firewall to a XGS126 . Sinced we switched we have the problem, that gpudate takes a lot of time SSL UDP: 6-10 minutes SSL TCP: >30 minutes IPSec: 6-10 minutes In firewallrules we opened from VPN to LAN all…

Hello I have two branches, both with Sophos firewalls. I have run fibre between these branches; how should I connect them so that they share resources? I have configured a site-to Site VPN, but what if one side loses internet? I need a backup.

Hello dear Sophos Forum, I have set up a Site-to-Site VPN connection between a NAS and 2 ESXi servers with a Sophos XGS. Setting up the connection was no problem, but I still can't reach the ESXi servers from the NAS, even though every port is allowed…

Summary: AT&T provides us a /30 for our equipment and a /29 routed subnet. We are currently using several of these addresses as Alias NAT'd for hosted services. We have a vendor who wants to establish a VPN tunnel to their remote site via a cisco 4300…

Hallo Ich habe zwei Firewalls Head Office (Bach) und Filiale (Dornbirn) XG135 SFOS 19.5 Die WAN und Router Adressen sind in der Grafik nicht real. Bach: Ist hinter einem router welcher im bridge mode arbeitet. Das WAN interface ist nicht direkt…

I'm migrating from a UTM to an XG so i'm trying to replicate a config that already existed. I have the IPSEC VPN setup and the tunnel comes up. The VPN selector on my side only has a /30 I need to have the rest of the organisation talk through this VPN…

Good morning. I don't know if someone can help me as I have been trying various configurations and conducting tests without any success, and I'm not sure if the XG allows what I need. I have 2 offices: Office A has a public IP addressing (e.g.,…