• IPSec site to site vpn, one tunnel goes down frequently

    Lennart Johansson
    Hi, I have a Sophos XGS107 (SFOS 20.0.1 MR-1-Build342) setup with Site to Site vpn to a Mikrotik router. There are 4 vpn tunnels (or separate address pairs). It mostly works fine, but every other day one tunnel goes down. If I check in webgui >> site…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • SD WAN config between CGW and AWS EC2 Virtual FW

    Matt Carter
    Hi all, we currently have 20 sites all using Sophos XG107 or XG 117 FW. All sites have a S2S VPN connection into AWS for SMB access. The issue we have is failover internet: if failover is required then our VPN drops due to new IP. Failover internet is…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Problem with IPSec Site2Site to VPN Gateway

    SaschaK
    Hello everyone, we have equipped a medical practice with 2 sites with XGS firewalls. Both sites were connected via an IPSec Site2Site VPN. Both sites can also reach each other; that is not a problem. Site A: 192…
    • 4 months ago
    • Sophos Firewall
    • German Forum
  • IPSec Recommended Settings for Branch Office

    CreateShare
    Hi, Are there any specific IPSec Profile recommendations for connecting the branch office that does not have a static real IP Address? I am currently using the DefaultBranchOffice profile, but it disconnects automatically after some time. Thanks.
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • RED Modes

    CreateShare
    Hi, I read about all red modes but could not find a way to let the network behind RED Devices use the internet from their local internet gateway but take the web filter policy from the Firewall. Is it possible? Thanks.
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Red and XGS Limitation

    Bathathe Gondwe
    Community, 50 branch sites that we want to deploy red devices to connect to HQ and route all traffic to HQ for content filtering, HQ LAN resource access, and internet breakout, Bandwidth for all branch sites: 10 - 30Mbps Bandwidth at HQ: 100 to…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Add subnets to NAT with policy-based IPsec when local and remote subnets are the same

    Mark Tarrant
    Hello all, I have a situation with an IPsec VPN setup between two sites that have subnets that are the same. I followed these instructions and it worked ok; NAT with route-based IPsec when local and remote subnets are the same - Sophos Firewall However…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • No VLAN routing with Site2Site tunnel and bridge group in the branch office

    juergenb52
    Hello, I have two sites here that are connected via a Site2Site tunnel. HeadOffice with LAN-A and Branchoffice with LAN-B, both are connected with one tunnel, no problems. In the BranchOffice there is an XG125 ( SFOS 20.0.1 MR-1-Build342) …
    • 5 months ago
    • Sophos Firewall
    • German Forum
  • Unable to Reach RED hosts from Remote SSLVPN - Urgent help needed

    BeanAnimal
    Hi - Time sensitive here, back against the wall (will pay outside consultant if needed). Sophos Partner, long out of the loop. I have (2) REDS. Both are reachable from main XG network. I am unable to reach the RED hosts from the SSL VPN. REDS are in…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • IPSEC/L2TP with Radius and CVE-2024-3596

    Dieter
    Hello, with the patch from Microsoft KB5040434 07/2024 there are problems with Radius authentication for L2TP. Without the patch, the client connection works without any problems. What can we do? Best Regards Dieter
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Site to site VPN to a vendor site with the same subnet at both ends

    Mark Tarrant
    Hello all, we are looking at a situation where we need to set up a site to site VPN to a vendor who is using a Fortigate gateway, and the same subnet is being used at both ends. I have reviewed the below link which covers this situation for Sophos to…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • XFRM showing 'not configured' after public IP changes on spoke

    GJN
    Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS IPSEC to Fortinet Firewall

    admin_idl
    Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • UNIFI CLOUD GATEWAY ULTRA BEHIND SOPHOS XG135 WITH VPN

    MRXLENN
    Hello everyone, I have restructured my small "homelab" and have now obtained a Sophos XG135 and a Unifi Cloud Gateway Ultra. My setup: Internet -> Speedport Smart 3 (modem function) -> Sophos XG135 PPPOE -> Unifi Cloud Gateway Ultra…
    • 5 months ago
    • Sophos Firewall
    • German Forum
  • Disable IPSEC Anti Replay Protection SFOS v20

    OliverKnights
    Hello, I'm trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS IPSEC PSK and remote ID issue

    admin_idl
    Hello, we have set up several Policy Based IPSec tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • XG230 to RED-SDRED

    Marcos Ramirez
    Hello, good day, I hope you can help me, I have the following problem. We have an XG230 that manages 10 RED15W, 1 RED50, and 3 SD-RED60, along with this firewall (XG230) a Fortinet brand firewall was implemented, but it is expected that both firewalls…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Network concept considerations

    Andreas Bolz
    Hello Sophos Community, I am a Sophos beginner and have questions regarding the options for site connection via REDs or site-to-site VPN, as I have no practical experience here. What are my requirements? The idea is to connect 3 locations, whereby…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • CVE-2020-20813

    Elvys Marchon
    Hello, I verified that my Sophos XGS SFOS 20.0.0 GA-Build222 has OpenVPN 2.4.7 which is vulnerable to CVE-2020-20813 which according to NIST has a high level. As I use SSL VPN for remote access, I need to know if my firewall is vulnerable. Best Regards…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • RED SD 20

    Christian Sander
    Dear forum, today I installed a new SD 20 and cannot get a connection. The SD-20 briefly reports to the firewall and the SD-20 then attempts a firmware update. This can be seen from the SD-20's LEDs. In this state the RED hangs…
    • 5 months ago
    • Sophos Firewall
    • German Forum
  • Trouble routing a packet from site A via site B to site C (with SNAT)

    apijnappels
    I have something strange for the following situation. VPN connection between site A and site B (tried both policy-based and route-based) and a policy-based VPN-connection between site B and site C. Intention is to reach site C from site A while there…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • User Authentication over S2S IPSec VPN

    CV_Sophos
    We currently have two locations, each with an XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • SSL VPN Pattern upgrade to 17.5.15

    Geniteq IT
    Dear Support, If having XG210 ( SFOS 17.5.15 MR-15 ) with SSL VPN pattern current version ( 1.0.008 - 05:32:30, Sep 11 2020) Using the web interface, can a manual pattern upgrade to the version ( sslvpn_1.02_1.0.009.tar.gz.sig ) occur without any…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XG : NET::ERR_CERT_COMMON_NAME_INVALID

    Neil Wilkinson
    Hi all, Hoping you can help. Recently an external website we access has been updated and hosted elsewhere. Following the move we now get the following error but only when connecting via the VPN (Remote access). We can browse to the site without issue…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • XGS - SSL VPN not working from neighbouring WAN IP (hosted offices)

    Simon Wilks
    Hi, I have a customer with SSL VPN working fine 99% of the time. However users cannot connect from the same WAN subnet. Ie say the WAN IP of the XG is 85.85.12.5/27 If a user tried to VPN from another network which is on the same ISP (ie 85.85.12…
    • 5 months ago
    • Sophos Firewall
    • Discussions