Hello there I'm using version XGS2100 (SFOS 20.0.0 GA-Build222) and getting an error in SSL VPN Static IP When I use static IP for VPN user, the firewall cannot connect to the static ip of vpn user When i have the static IP Address disabled in my…

We created SSL VPN from Sophos firewall But still connection from sophos connect not stablished, the indication error displayed by this message " DNS Resolution failed for gateway : Firewall DNS Name

I'm aware of the KB that states when it is required to re-download the SSLVPN configuration when changing global settings but it doesn't specify the certificate as one of these things. So what happens if you renew an active certificate before it expires…

Hi, we cant geht Sophos Connect Software on a MacBook Pro 2021 macOS 14.4.1 (with M1 Chip) imorting the SSL VPN .opnv Files Error: can't parse the file we tryed to change the Config removing: comp-lzo yes adding: compress lzo according…

This message pops up when I try to connect. We have other people using the same setup without issue. Is there something wrong with my config file? It does connect, but it needs to be secure. My Config file looks like this: [ { "gateway": "REDACTED…

Hi, I have an internal IP exposted to the public IP and this also works like it should. External traffic is translated to that host and you can access that host from the Internet. Now I wanted to add a SSL VPN Connection, made a firewall rule, a policy…

Sophos Connect still uses the very old OpenVPN version 2.5.6.0 and there have been some security annoucements since that version: https://community.openvpn.net/openvpn/wiki/SecurityAnnouncements e.g. the last CVE-2024-27459: Windows: fix a possible…

Hello, good morning, my vpn connect is something strange, apparently when I connect it to my laptop and connect to another network the vpn grabs me, but the users who install the vpn connect, I enter their credentials, it looks like the image, they are…

I have some services running on a local server behind a reverse proxy and those services are protected from access outside IP subnets not specified in the reverse proxy settings. In my local router, I have the addresses for all these services listed…

On my phone connected via OVPN I can access local network resources by IP but name resolution won't work. VPN: SSL VPN (remote access) I have Policy Members setup Use as default gateway is on Permitted network sources IPv4 is set to my local LAN VPN…

Dear, I have a site-to-site VPN between a Sophos XGS87 and a fortigate. I need SSL VPN users on my Sophos to have access to remote networks from this fortigate. Local networks on the Sophos XGS87 side: 10.40.85.0/24 10.50.85.0/24 Sophos SSL VPN…

We are having an Issue with the VPN Connection of a single Client. Users are authenticated via AD, the Sophos Connect Client and Config file was downloaded from the Sophos VPN Portal. When starting the VPN Connection it loads forever until it eventually…

Hi everyone, been curious lately, is it possible to have something like checkpoint conditional access (like is windows up to date, is defender/antivius activated and so on) before allowing to the vpn gateway. And im not talking abou ZTNA since that…

Hi all, I'm struggling with setting up Sophos VPN Client on user's Windows computers. What behaviour I expect is to automatically connect when user connects any network except internal LAN/WIFI. So if users is turning on the laptop at home and…

Is there any way to activate the MFA box at login in Sophos Connect direct in a .ovpn config (no provisioning)? I guess with provisioning the firewall will also only create a .ovpn config with a parameter for MFA. client dev tun proto udp verify-x509…

Hello! I know that a few years ago there was a feature request on the currently retired Sophos's ideas portal, regarding remote access SSL VPN with certificate only based authentication, for Sophos XGS firewalls. Does anybody know if it's possible right…

Hello, we're using a Sophos XG 135 in Cluster as VPN-Endpoint. On the client side, we're using Sophos Connect with a provisioningfile. If a client gets a IPv6-Lease (on the WiFi-Adapter in Windows, for example), users can't connect with Sophos Connect…

Hi, what is the status of this development, when is it coming? has sophos not yet understood how important this is for customers? the workaround that you send to people here in the forum does not always work properly either. we need a solutions, now…

Hello everyone, I searched the forum if there is a way to limit SSL VPN access to a specific Public Ip Address but it seems to me that You cannot do it. I see that when You create a Group or a User there is a section called "Limit access" that lets…

Hi, when using SSLVPN in split-tunnel mode, DNS resolution to internal resources is not possible. A ping returns "Host not found". When I perform a nslookup, the XGS is contacted and resolves successfully. I've also tried several VPN clients, including…

Good day l am trying to use SSl vpn on android devices. and open vpn is showing the below error. OPEN VPN stuck on Resolve : Cannot resolve host address : 8443 : tcp-client (servername not supported for ai_socket). The vpn is working fine on sophos…

Hi, we are using SSL VPN and i have added public IP address in override hostname for vpn access. if ISP Failure that case i need to change or change in .OVA file. now we need to add hostname instead of ip address

I am a Mac user, until today I used Sophos Connect for Mac version 1.4 (ipsec VPN) I realized that there was a CVE on the Mac version of the application, but not on the Windows version, which has since been updated. So I'm at a dead end. My only option…

Hi, Currently we are using Firewall XG310 and SFOS v20 . My question is : 1. How to bind vpn user mac-address without asking their mac-address manually? Could sophos FW detect it automatically ? 2. Could we set vpn user state duration ? Example…

While troubleshooting a SSL VPN connection I tried different certificates, which I successfully added as "trusted" in the Certifcates section of the WebUI. When I download the ovpn-config file from the VPN portal I found that every time I try a new…