• XG 210 IPSEC DOWN FAILED PARSING IKE

    Simon BALAND
    Simon BALAND
    Hi, We are losing our ipsec link after some time. (randomly) Initial connection is ok no problem But in logs we have this message : IPSEC FAILED Couldn't parse IKE message from : X.X.X.X Check the debugs logs ID 18052 If i reinitiate manually…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSec to Azure - Tunnel interface missing after creation

    Matthew Wall
    Matthew Wall
    Hi all, I have been having an issue with my XG330 firewall. I created a Tunnel Interface to Azure, and see that the IPSec tunnel is not appearing under my network interfaces. I have followed the documentation highlighted here. Sophos Firewall: Configuring…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos to Fortigate site to site issue

    sndyblz
    sndyblz
    Anyone has a experience on create a site to ste vpn with fortigate firewall (as spokes and Sophos as hub), and face the ff issue: Random instances the spoke site went down even the isp has stable connection. And every time one or 2 sites (spoke, we…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSEC VPN intermittent communication issue

    Mayuresh Bhagwat
    Mayuresh Bhagwat
    Setup: Sophos XGS 87 (SFOS 19.5.1 MR-1-Build 278) and Sophos XG210 (SFOS 19.5.1 MR-1-Build278) Connection type: IPSEC VPN Site to Site Issue: The communication between the 2 site networks works well for sometime and suddenly the communication breaks…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • New S2S can't connect

    Jeff Vandervoort
    Jeff Vandervoort
    MO: XGS136/SFOS v19,5,2. Not in production yet, setting up to replace production firewall. BO: XG115/SFOS v19.5.2. In production. MO & BO have had an IPSec S2S running for a long time with the MO production firewall. The MO XGS that will replace…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Webserver Protection for Host behind IP tunnel

    Linus Haake
    Linus Haake
    Hello everybody, I'm currently trying to establish the WAF setup for the current confirguration: Two sites are connected via IP Tunnel and everything is properly working with the static routes set-up. Now we have the need to setup Webserver Protection…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Site 2 Site VPN with multiple remotes having dynamic WAN IP addresses

    Randy Cleveland
    Randy Cleveland
    Hello, We have an XGS firewall at our HQ location, set up with several Site to Site VPN connections with remote XGS firewalls that have Static WAN IP addresses. I also have one site2site set up with a remote location with a dynamic WAN ip address…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Hub and Spoke with Sophos as HO and Fortigate as Branches

    sndyblz
    sndyblz
    We will migrate our Fortigate to Sophos XG, and one of our requirement is to create a IPsec site to site with Sophos XG 3300 ( as HUB or Head office) to small FortiGate in client branches (as Spoke). The problem is, I don't see any KB/Doc about creating…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Firewall - IPSEC VPN MFA ISSUE with OTP PIN

    Martin Hampl
    Martin Hampl
    Hi, I have XG125 (SFOS 19.5.1 MR-1-Build278) and IPSEC Remote Access for the users with internal OTP MFA. Remote users started to report disconnecting the VPN during the day, BUT also the need for MFA PIN to be entered multiple times a day. For example…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSec (Using NAT) add multiple local network

    Tier1@Vision9
    Tier1@Vision9
    Hello, We have created the IPSec tunnel (uses NAT) to application provider dc. Internal network is translated to NAT IP (provided by application provider). Tunnel is working. Now, we have to add SSL vpn remote access network to that IPSec tunnel…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • VPN Ipsec Site-to-site

    Adem SI
    Adem SI
    Hi. I have a site-to-site ipesc tunnel with my branch, the tunnel is connected to both parts, I have two rules created, Inbound and Outbound rule, the inbound rule works perfectly, all clients on the branch network can connect to my servers, but the…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Read IPSec Connection Status via API

    Franz Kempf
    Franz Kempf
    Hello, I was able to Active/DeActive an IPSec Connection via API (See the following thread) Activate and deactivate IPsec connection via CLI What I am not able to do is to read the actual status of the IPSec Connection. I was able to read out the…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • WAF for Web-Server behind IPsec-Connection

    SM-ITM
    SM-ITM
    Hello, I have the problem with an XGS 107 (19.5.2-B624) that a web server (10.203.111.101), which is located behind an IPsec connection, is not reachable via the WAF. When accessing the web server via the Internet, I get the code 503. However, the problem…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Devices behind RED20 can not Access Server within Site 2 Site VPN connected by XG

    Sebastian Engler
    Sebastian Engler
    Hi friends, today I'm facing a fancy issue with one of our smaller customers. We try to connect to an RDP-Server within a Site2Site VPN. From XG LAN we are able to connect to the RDP-Server with any client within the LAN-Zone. Now we need to get…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall Authentication to server in Azure across VPN Tunnel

    DavidSain
    DavidSain
    I recently worked through a problem where an on premise firewall was unable to authenticate Remote Access VPN users with Active Directory as the server is hosted in Azure through a VPN (Active Directory is used instead of AAD as it's less expensive to…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos v19 Site To Site VPN Multiple Wan Routing Problem

    MustafaTASCI
    MustafaTASCI
    Hello everyone, After migrating to version 19, we wanted to remove the migrated rules and rewrite the all configuration. However, we ran into some problems with the reconfiguration. We have 2 WAN internet interface and do not do load balancing or…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • RED to Branch Office via Site to Site VPN

    balletbob
    balletbob
    Hi, Having a problem trying to get RED traffic passing over a Site-to-Site VPN to branch offices. RED connected to Head Office. Site-to-Site VPN configured and pushed by Central to Head Office and Branch Office. The branch office subnets…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSec tunnel with Cisco Peer

    Memorycard
    Memorycard
    Hello guys, what is your suggestion to establish an IPSec tunnel with a Cisco router that is configured: Phase1 algorithms: 3des and MD5 Phase2 algorithms: esp-3des and esp-sha-hmac
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS 2100 no outbound traffic

    Fizzle
    Fizzle
    Greetings and thanks for reading! I'll have to start by asking for some patience as I'm new to the Sophos firewall platform. I'm going to provide a lot of detail to make sure I dont miss something important. I work for a small university and am trying…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Two XG 19.5 IPSEC S2S connected, DNAT from WAN head office to a remote server in branch office.

    Damiano
    Damiano
    I have this situation: HEAD OFFICE: IP: 192.168.75.0/24 BRANCH OFFICE IP: 192.168.82.0/24 Host: 192.168.82.64 I established a S2S between the two firewalls but I need to publish from te WAN head office a service on a remote host in branch…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Ipsec traffic go through ssl tunnel inspect of ipsec tunnel

    Tri Nguyen2
    Tri Nguyen2
    hi everyone. i have created ipsec route base vpn but when everything done, the traffic is going through wrong tunnel interface. the precedence route is static > sd wan route > vpn route. ipsec status is up. and i have added route to the remote…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Strange Traceroute behavior between sites

    Steve Klassen
    Steve Klassen
    Hi there. I have 3 sites, each connected to our datacenter. Location 2 has a Tunnel interface connection, Location 1 and 3 have a Site-to-site connection. Like this: Location1 ====sitetositetunnel===== Datacenter=====tunnel=====Location2 Location1…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPSEC Tunnel Mode does not reconnect automatic

    Carlos Cesario
    Carlos Cesario
    Hello guys, Im facing a bit problem with IPSEC VPN in Tunnel mode. When the WAN link goes down in BO or HO the IPSEC tunnel does not reconnect automatically. I need force reconnect manually (clicking in red circle). Im using the default "Head office…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Rule/Route Configuration to allow ICMP probes over VPN Tunnels

    CF1 Tech
    CF1 Tech
    I have a scenario I could not find an answer for. I have a health probe that comes in over my established VPN tunnel interface xfr1. These can be typical ICMP Requests that source from various IPs, or they can be constructed packets where there is an…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • S2S IPSEC - Policy based and Routing based

    Michael Wallis
    Michael Wallis
    Hi All, We have Head Office with 6 Branch Offices. Each Branch office is connected to the Head Office via a Policy Based IPSEC S2S VPN. The head office and branch offices all have 4G backup internet. Hence, this requires 4 tunnels per branch office…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>