With my license renewal fast approaching and my XG125 rev3 EOL I am at a cross roads as to which vendor I should move forward with. Out of pure frustration, I got my hands on a Fortigate 80F to compare SSLVPN and IPSecVPN remote access throughput. I setup…

Hello, newbie here with Sophos. I am looking at a (new) client I have inherited who have their servers being backed up locally and then across a site to site VPN to a secondary location. There is one server on a different subnet that has never been…

I am trying to establish a Route based site-to-site IPSec VPN connection between two Sophos XG Firewalls (all fully up to date) - I followed this recipe . I have two subnets on the 'HeadOffice' Firewall - 192.168.22.0/24 and 192.168.23.0/24 and I have…

Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…

Hey All, I've created an IPsec tunnel between my Sophos XGS unit and a Meraki with the Sophos unit initiating the connection. Traffic is passing just fine, but the location where the Sophos unit is located has somewhat spotty internet. It appears…

Hey everybody, i have a strange Problem. I have Firewall on Main Office and a Firewall in Azure (Both with Firmware SFOS 19.5.3) I have a working VPN and everything seems to be fine. But i cant access the Main Offices Web GUI or SSH CLI from…

I have a scenario and trying to set something up for the interim. In essence, the requirement is to get an APP server at location A to connect to DB server in location B. The main issue with this is that both locations have the same subnet (E.g 172…

Hi everyone, I'm having difficulty getting site to site IPsec to work properly with a Mikrotik device. Both LANs use the same class 192.168.99.0/24 and to configure the Sophos (SG115 SFOS 20.0.0 GA-Build222) I followed these instructions: https:/…

Hello, We are trying to establish an IPSEC VPN connection between 2 XGs Firewall. There is a Fritzbox behind the firewall at both locations. We have already tested many different settings and policies but keep getting the following error message: …

I was seeking a solution for an issue encountered with my client’s Sophos Gateway Firewall (Site-to-Site IPsec VPN Setup), which was due to the ISP’s PPPoE Service causing frequent changes in the WAN Interface IP. I’ve learned that Dynamic DNS could…

The client has a Sophos XGS107 in the branch office and an XGS2100 in the head office. We have site-to-site IPSec with PSK with HO to 2 BO. Due to the PPPoE WAN IP provided by the ISP, the firewall’s WAN interface IP changes frequently. We face a challenge…

Hi, I'm trying to set up an IPSec VPN on a Sophos XG to connect as site-to-site to an internet box that serves as a IPSec (IKEv2) VPN server. When configuring a new VPN user, the box only gives username/password and VPN server address. Is it possible…

Hello all, Network (kinda) and XGS newb is back with another question. I'm pretty sure the answer is going to be a "yes/no and you're just missing this little step to get it done". I've included a summarizing picture. Presently working: We have an…

Hello, I have an issue with site to site vpn IPSec. I suppose it is a bug. Scenario: You have 1 WAN port (port 2) You have some created site to site VPN IPSEC (initiate the connection type) Follow these steps to reproduce the issue: - Configure…

We have recently set up Multicast forwarding between our main office and a remote location via a site-to-site vpn. The Multicast forwarding is working from the remote location back to the main office, however, the system we need to multicast in the…

We are trying to forward multicast traffic for 239.1.1.2 between our Main Site to one of our remote sites via a Site-to-Site IPSec VPN connection. I have following the instructions here: https://support.sophos.com/support/s/article/KB-000038580?language…

Hello, Is there a way to configure a VPN tunnel interface scenario, using the same WAN interface to receive the connection from remote points? In this case, I have only 1 internet link on site A with a fixed IP, and I have several remote branches…

Hello, We have set up an IPSEC connection and want to set up a failover. We have checked the connection of the backup IPSEC connection and the tunnel could also be established. However, if we use the IPSEC connection in a failover group as backup IPSEC…

Hello guys, I really need your help i am facing the challenge since am not receiving the traffic from remote machine i have attached the captured traffic and denied logs from the specific machine....i can reach the remote machine by ping and telnet…

Hello, regarding to this post: LLMNR disabled - DNS resolution no longer works over VPN when will version 2.3 of sophos connect be published? kind regards

Hello! We are an MSP with about 20 clients that have servers hosted in Azure. These 20 clients have various hardware models of Sophos XG and XGS firewalls with various steps of firmware from 19.5.3 to 20.0.22. Those firewalls have an IPSec site to site…

I have two home deployments of Sophos Firewall v20, one at home and one at a family vacation home. I've set up VPN, routes, and rules between without issue. But the strangest issue that I can't seem to resolve is that with the vacation home the Admin…

Hello, I'm experiencing the exactly same problem as the guy in this (sadly locked) thread: IPSec Site-to-Site VPN Local Subnet Becomes Unreachable due to Inactivity As the thread ends with him contacting the support and no real solution, I was…

I am testing a new XGS 136 (SFOS 20.0.0 GA-Build222) offsite to replace an onsite XG 135 ( SFOS 19.0.2 MR-2-Build472). The backup of the XG 135 was used to setup the XGS 136. We have never used the IPsec Site-to-Site connection before but may have a…

Hello there, I have 2 Sophos Firewall connecting to Networks with IPSeC Site-to-Site VPN 1 Public IP for each network. XGS107 ( SFOS 19.5.3 MR-3-Build652) XG135 ( SFOS 18.5.2 MR-2-Build380) Network A 192.168.1.0/24 IPSeC gateway 172.16.21…