Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…

Hello, We are having problems establishing an IPSEC tunnel between an XGS and a Fortigate firewall. Currently we receive the message “IKE SA proposals don't match. Check the phase 1 policy settings on both devices: IKE:AES_CBC_256/HMAC_MD5_96/PRF_HMAC_MD5…

Hello, Im trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…

Hello, we have set up several Policy Based IPSEc tunnels. These have different remote gateways, but some of them have the same remote IDs. Some connections crash after a certain time. Could this be due to the PSK in conjunction with the remote ID? As…

I have something strange for the following situation. VPN connection between site A and site B (tried both policy-based and route-based) and a policy-based VPN-connection between site B and site C. Intention is to reach site C from site A while there…

We have currently have two locations, each with a XG330 v19.5.4 MR4 and an EPL fiber connection between them that has a S2S IPSec tunnel setup and a static route on both ends pointing to the other. Each FW is setup with the local DC for user authentication…

Hello, I want to setup a S2S IPsec VPN between our Head office and Branch Office. The branch office has only IPv6. I have setup on btoh side the S2S VPN, but i cant get it to connect. And i even dont see any connection trys in the logs. For all other…

I don't know if this is the right configuration so bear with me. I have a connection that essentially functions as a direct ethernet line back to the main office, called an EPLAN. It is set up in my Branch Office in the LAN zone. Everything works OK…

How can I disable MOBIKE IKEv2 extension support in IPSec?

Hi, is it possible to clear single IPSEC VPN security associations via Device Console or Advanced Shell on Sophos XGS? E.g. I would like to disconnect all VPNs to one specific gateway. Thank you. Greetings, Torsten

Hello there. I have doing some labs and until now I have achieved to make a Sophos-Sophos and Forti-Forti Ipsec tunnel. However I am trying to make a Sophos XG-Fortigate IPSEC tunnel but my tunnel does not wake up. I have followed this guide and configure…

Hello, all our Site-to-Site-VPN don't work again after upgrading from SFOS 20.0.0 GA-Build222 to SFOS 20.0.1 MR-1-Build342. In the log we find: (unnamed) - Couldn't parse IKE message from .. Also all outgoing remote IPSec don't work again after…

I am having issues configuring a connection between two Sophos firewalls and i am hoping someone can help. The firewalls are installed in two datacenters which are operated by the same provider, both sites are currently configured with a WAN/internet…

I have an IPSec connection that I would like to start the connection via Console. Which commands do I need for this? I am referring to the second button that can be found next to Activate connection in the SFOS web interface.

Hi, I need help connecting the headquarters containing device ruijie rg-nbr6210-e and the branch containing device SOPHOS. I have made all the required settings, but there is no connection to find out more. I am at your disposal. Thank you.

We have multiple site to site VPNs setup with connection type 'Tunnel Interface'. The VPN links connect multiple remote subnets. How does XG pick a source IP because it seems to be random and can change when we re-establish a connection. This causes issues…

I have a Route based VPN from SOPHOS to SOPHOS. I need to create a loopback to allow a connection back to a server. I am not able to find any information regarding this. In fact from what I can see I am not sure I can even do this with a normal IPSEC…

Hello, I have Sophos XG 2300 with firmware 19.5.3 MR-3. I'm trying to set a static IP address for a site-to-site SSL VPN client. Is there any way to achieve this? Whatever I do it keeps getting leased IP address from Global DHCP pool or the VPN…

Received IKE message with invalid SPI (F5D1C2B8) from the remote gateway. Received IKE message with invalid SPI (2AE78327) from the remote gateway. What could be the issue and how to solve it?

With my license renewal fast approaching and my XG125 rev3 EOL I am at a cross roads as to which vendor I should move forward with. Out of pure frustration, I got my hands on a Fortigate 80F to compare SSLVPN and IPSecVPN remote access throughput. I setup…

Hello, newbie here with Sophos. I am looking at a (new) client I have inherited who have their servers being backed up locally and then across a site to site VPN to a secondary location. There is one server on a different subnet that has never been…

I am trying to establish a Route based site-to-site IPSec VPN connection between two Sophos XG Firewalls (all fully up to date) - I followed this recipe . I have two subnets on the 'HeadOffice' Firewall - 192.168.22.0/24 and 192.168.23.0/24 and I have…

Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…

Hey All, I've created an IPsec tunnel between my Sophos XGS unit and a Meraki with the Sophos unit initiating the connection. Traffic is passing just fine, but the location where the Sophos unit is located has somewhat spotty internet. It appears…

I have a scenario and trying to set something up for the interim. In essence, the requirement is to get an APP server at location A to connect to DB server in location B. The main issue with this is that both locations have the same subnet (E.g 172…