Hi, we are trying to configure IPsec tunnel between Sophos and Cisco ASA all configuration phase 1 and phase 2 are matches both sites. phase 1 is up but phase 2 is down i have checked logs below error message we are getting. 2024-12-05 13:15:08Z…

Good Day, We have 2 remote offices with a site-to-site link connecting to Head office. Network config for offices: Head office: 10.x.x.x/16 Remote Office A: 172.16.x.x/16 Remote Office B: 172.17.x.x /17 Have fail-over links connecting both…

Hello All, I have 2 branch offices and one HQ office. I would like branch 1 to be able to communicate with branch 2 VIA the Sophos XGS appliance in the HQ. Can any body give me any pointers for the best way to achieve this. I know I could connect…

Hi, I cannot find instructions on how, if possible at all, create Site2Site VPN tunnel, from Sophos XGS outbount to OpenVPN server. This is for IP phone service, I created one LAN port for local phones, MASQ via WAN interface....and now I nned to create…

Good day l have create a site to site to vpn , the vpn is up , but we cannot ping the branch site On the head office there is ospf configured, and if we trace route from the firewall it's showing that the traffic is going through the ospf vpn of…

This is an issue that I have seen with multiple customers. The VPN connection as Tunnel interface is established. The XFRM is configured to be non-overlapping in any sense with other IP subnets on the Firewall. Even then the gateway shows down. Here is…

Good morning. I am having problems with a server when accessing remote servers through an IPsec tunnel. SITE A has to access SITE B's servers and vice versa The problem is that for approximately a week one of the servers at SITE A (192.168.200…

Hello everyone, I have issue with routing over VPN IPsec tunnel. In my setup there are two Sophos XGS116 firewalls running SFOS 20.0.2 MR-2-Build378 located on HQ site and BO site. Each site has stabile ISP connection with static IPv4 address. VPN IPsec…

Hi, we're experiencing a problem with Ipsec Vpn (site2site) from Sophos to Cisco. In the Ipsec tunnel we have two subnet (subnet1 e subnet2) at sophos vpn side and one subnet (subnet3) in the remote site managed by cisco. It seems that only on subnet…

I recently add a new firewall for the branch office , so we have 2 firewalls one for the main office and one for the branch office, branch office can ping our ip's, but we from Main branch we can not ping any of their ip's, not even 1, it's really strange…

I have multiple Sophos site to site VPN's back to a central router. Whenever any of the sites losing connection they all re-connect except for 1. The Sophos VPN logs show "Couldn't authenticate the local gateway. Check the authentication settings on both…

Is there a way to check if the ISP router doesn't supports IKE2 causing IKE2 IPSEC tunnel to fail. A troubleshoot method or guide ? This is to proof to Service Providers that the problem lies in their end and not firewall.

Hello all, I currently have a XG firewall (FW-1), connected through IPSEC tunnel with another (FW-2). FW-1 has two LAN zones (LAN-A and LAN-B), both allowed through the IPSEC tunnel. FW-1 sends log messages (originated from the firewall itself…

Hi everyone, We have an IPsec site-to-site VPN connection between our Sophos and Fortigate devices. Currently, both the gateway and tunnel are UP and functioning properly. VLAN 10 and VLAN 20 are included in the local subnet configuration on the Sophos…

Very nice! I need help setting up an IPsec tunnel between sites, the firewall models are "UTM - SG135, Firmware 9.719-3" and "XGS2100 - Firmware (SFOS 20.0.0 GA-Build222)". We have researched through forums and followed some steps that match the errors…

implementing vpn site to site connection, causes problems with ip telephony, when starting the connection or disabling the connection causes my voip phones to start disconnecting from the pbx. once the connection is established and having the vpn connected…

Hi all, I was considering purchasing a virtual firewall, but I have a doubt to clear up. The vFW will mainly be used only to create a site to site where there will be about 100 users behind it. (There will be no local users on the LAN instead) In…

Hi all, I have an xgs 3100 firewall on which about 20 ipsec tunnels are attested. All these ipsec have fragmentation problems so I am forced to use mss-clamping. For example without mss-clamping an icmp packet passes as long as I set a size of 1400…

Hello, I found a solution where IPSec networks are distributed via OSPF and would like to know if this is correct? Can I use this in a productive environment? 1. SSH -> 4. Device Console 2. system ipsec_route add net 192.168.123.0/255.255.255.0 tunnelname…

[POST DE DEBATE SOBRE O ASSUNTO] Opa pessoal! Em minha infraestrutura eu tenho o escritório na matriz (XGS 3100) conectado a outros quatro escritórios filiais (XGS 136) por Tunel RED, utilizando a configuração RED Server no escritório matriz e RED Client…

We are wanting to connect our remote office, which is in a managed/shared office space building, to our head office. We have no control over the shared office netowrk. We have a XGS in the managed office space. The internet connection is supplied…

Hi, after updating to 20.0.2 the Site to Site VPN connection between our XGS (Host) and the Fritzbox is not working anymore. Before the Update is was workking without any problems. A downgrade to 20.0.0 is also impossible as the XGS always tells Firmware…

Hi, We need to establish a multiple site to site IPSEC VPN with a XG86w as the HQ. Both remote sites have a TELTONIKA RUT240 router. I am able to ping from HQ both remote sites, and from each remote site the HQ, but can’t ping a remote site from…

I Need help regarding my ipsec. I have two sites HQ and remote site. The firewall is connected through ipsec. I have set both inbound and outboud rules. But am still not able to ping each end of the firewall or to remotely access resources at HQ. Kindly…

My server is Sophos Firewall XG125 (SFOS 17.5.16 MR-16-Build830). Sophos connect works perfectly but the .ovpn file downloaded(via user interface) will not connect. I also used the details from the .tgb to build a config file for strongswan, but didn…