Hi, One of my IPsec tunnels shows a yellow icon under the status but when I click on the connection details, all subnet connections show green. Any Suggestions?

Hi, We've run a flat lan for years at our main location. We've recently updated our network and added a few new VLANS to the mix. Now I have a problem. We have several Site-to-Site VPNs up and running that work great with our original VLAN1. However…

Hi, I have a Sophos XGS107 (SFOS 20.0.1 MR-1-Build342) setup with Site to Site vpn to a Mikrotik router. There is 4 vpn tunnels (or separate address pairs), It mostly works fine, but every other day one tunnel goes down. If I check in webgui >> site…

Hi all, we currently have 20 sites all using Sophos XG107 or XG 117 FW. all sites have a S2S VPN connection into AWS for SMB access. issue we have is failover internet, if failover is required then our VPN drops due to new IP. Failover internet is…

Hi, Are there any specific IPSec Profile recommendations for connecting the branch office that does not have a static real IP Address? I am currently using the DefaultBranchOffice profile, but it disconnects automatically after some time. Thanks.

Hallo zusammen, wir haben eine Arztpraxis mit 2 Standorten mit XGS-Firewalls ausgestattet. Beide Standorte wurden über einen IPSec Site2Site VPN angebunden. Beide Standorte sind auch untereinader erreichbar, dass ist kein Problem. Standort A: 192…

Hello all, I have a situation with a IPsec VPN setup between two sites that have subnets that are the same. I followed these instructions and it worked ok; NAT with route-based IPsec when local and remote subnets are the same - Sophos Firewall However…

Hallo, ich habe hier zwei Standorte, die sind per Site2Site Tunnel verbunden. HeadOffice mit LAN-A und Branchoffice mit LAN-B, beide sind mit einem Tunnel verbunden, keine Probleme. Im BranchOffice steht eine XG125 ( SFOS 20.0.1 MR-1-Build342) …

Hello all, we are looking at a situation where we need to set up a site to site VPN to a vendor who is using a Fortigate gateway, and the same subnet is being used at both ends. I have reviewed the below link which covers this situation for Sophos to…

Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…

Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…

Hello, Im trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…

Hello, we have set up several Policy Based IPSEc tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As…

I have something strange for the following situation. VPN connection between site A and site B (tried both policy-based and route-based) and a policy-based VPN-connection between site B and site C. Intention is to reach site C from site A while there…

We have currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…

Hello, I want to setup a S2S IPsec VPN between our Head office and Branch Office. The branch office has only IPv6. I have setup on btoh side the S2S VPN, but i cant get it to connect. And i even dont see any connection trys in the logs. For all other…

I don't know if this is the right configuration so bear with me. I have a connection that essentially functions as a direct ethernet line back to the main office, called an EPLAN. It is set up in my Branch Office in the LAN zone. Everything works OK…

How can I disable MOBIKE IKEv2 extension support in IPSec?

Hi, is it possible to clear single IPSEC VPN security associations via Device Console or Advanced Shell on Sophos XGS? E.g. I would like to disconnect all VPNs to one specific gateway. Thank you. Greetings, Torsten

Hello there. I have doing some labs and until now I have achieved to make a Sophos-Sophos and Forti-Forti Ipsec tunnel. However I am trying to make a Sophos XG-Fortigate IPSEC tunnel but my tunnel does not wake up. I have followed this guide and configure…

Hello, all our Site-to-Site-VPN don't work again after upgrading from SFOS 20.0.0 GA-Build222 to SFOS 20.0.1 MR-1-Build342. In the log we find: (unnamed) - Couldn't parse IKE message from .. Also all outgoing remote IPSec don't work again after…

Hi all, I was hoping I can seek some guidance on this forum. Currently, we are using our Sophos XG Firewall to connect to our network on Azure using an IPSec VPN Tunnel. We do have two ISP running in our building one being main and other being backup…

I am having issues configuring a connection between two Sophos firewalls and i am hoping someone can help. The firewalls are installed in two datacenters which are operated by the same provider, both sites are currently configured with a WAN/internet…

I have an IPSec connection that I would like to start the connection via Console. Which commands do I need for this? I am referring to the second button that can be found next to Activate connection in the SFOS web interface.

Hi, I need help connecting the headquarters containing device ruijie rg-nbr6210-e and the branch containing device SOPHOS. I have made all the required settings, but there is no connection to find out more. I am at your disposal. Thank you.