Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…

Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…

Hallo Zusammen, ich habe für mein kleines "Homelab" umstrukturiert und habe nun eine Sophos XG135 und Unifi Cloud Gateway Ultra besorgt. Mein Aufbau: Internet -> Speedport Smart 3 (Modem Funktion) -> Sophos XG135 PPPOE -> Unifi Cloud Gateway Ultra…

Hello, Im trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…

Hello, we have set up several Policy Based IPSEc tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As…

Hello, good day, I hope you can help me, I have the following problem. We have an XG230 that manages 10 RED15W, 1 RED50, and 3 SD-RED60, along with this firewall (XG230) a Fortinet brand firewall was implemented, but it is expected that both firewalls…

Hello Sophos Community, I am a Sophos beginner and have questions regarding the options for site connection via REDs or site-to-site VPN, as I have no practical experience here. What are my requirements? The idea is to connect 3 locations, whereby…

Hello, I verified that my Sophos XGS SFOS 20.0.0 GA-Build222 has OpenVPN 2.4.7 which is vulnerable to CVE-2020-20813 which according to NIST has a high level. As I use SSL VPN for remote access, I need to know if my firewall is vulnerable. Best Regards…

Liebes Forum, ich habe heute eine neue SD 20 installiert und bekomme keine Verbindung. Die SD-20 meldet sich kurz bei FIrewall und die SD-20 versucht dann ein Firmware-Update. Dies erkennt man an den LED's der SD-20. In diesem Zustand hängt die RED…

I have something strange for the following situation. VPN connection between site A and site B (tried both policy-based and route-based) and a policy-based VPN-connection between site B and site C. Intention is to reach site C from site A while there…

We have currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…

Dear Support, If having XG210 ( SFOS 17.5.15 MR-15 ) with SSL VPN pattern current version ( 1.0.008 - 05:32:30, Sep 11 2020) Using the web interface, can a manual pattern upgrade to the version ( sslvpn_1.02_1.0.009.tar.gz.sig ) occurs without any…

HI all, Hoping you can help. Recently an external website we access has been updated and hosted elsewhere. Following the move we now get the following error but only when connecting via the VPN (Remote access). We can browse to the site without issue…

Hi I have customer with SSL VPN working fine 99% of the time. However users cannot connect from the same WAN subnet. Ie say the WAN IP of the XG is 85.85.12.5/27 If a user tried to VPN from anoter network which is on the same ISP (ie 85.85.12…

Hi, I've deployed doznes of SSL VPN clients, having DNS set to on-premises AD LAN DNS server 10.1.1.10 in General SSL VPN settings for all clients. Now when client with laptop connects to SSL VPN, I can see his/her default DNS resolving goes through…

Hello, I want to setup a S2S IPsec VPN between our Head office and Branch Office. The branch office has only IPv6. I have setup on btoh side the S2S VPN, but i cant get it to connect. And i even dont see any connection trys in the logs. For all other…

Hallo, how is it possible to control the IPSEC Remote VPN Access time-based on the XGS, so that the users can only establish a connection at certain times? Thank You!

I don't know if this is the right configuration so bear with me. I have a connection that essentially functions as a direct ethernet line back to the main office, called an EPLAN. It is set up in my Branch Office in the LAN zone. Everything works OK…

Hallo, ich habe zwei Sophos-XGS per site-to-site VPN SSL gekoppelt. Die Verbindung bekommt immer eine IP-Adresse aus dem SSL- Bereich per DHCP zugewiesen. Kann ich diese Adresse zuweisen bzw zumindest reservieren? z.B. soll die Sophos üner diesen…

Hi there, After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1. It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (ipv6). With SSL…

Hi. I just recently changed my SSL User account on Sophos, and after that, I can not access Sophos through SSL VPN and receive "received connection reset from gateway" on the Sophos connect client. When I log in to the user portal to download the new…

Hi Everyone, I can't figure out why can't I access any of my servers over VPN (IP Sec) after expanding my network from /24 to /22 I'm running SFOS 20.0.1 MR-1-Build342 Here's my setup: Before network expansion Network, LAN Zone, IPv4/netmask…

How can I disable MOBIKE IKEv2 extension support in IPSec?

Hi, i have the same Probleme like mentioned here Not able to connect SSL VPN but i am not able to find the setting he has changed in the xgs menu. ( i did already all Troubleshoot steps, even have compared all settings with another xgs device…

At our main site we have two Sophos XGS3100 in a highly available (active/passive) configuration. At a second site we have a single Sophos XGS 2100. On our Sophos XGS3100 we have a RED interface for a Sophos SD RED60 at a third site in a Standard…