We have a sophos xgs with several ipsecn vpns site to site running. the Sophos XGS is responding to some VPNs that are without fixed public ipv4 adresses. One VPN incoming has no fixed static ip adress, but i need to enter that ip-adress at xgs to…

With Sophos Connect Admin I can modify Target host definition for IPSec remote access connection. With XG I can do same already on XG for SSL VPN (Override hostname). However, I cannot override hostname for IPSec remote access configuration via Web-console…

Hi Our staff currently VPN using the Sophos Connect client over IPSec with AD authentication. We are having a rebrand so will be changing our external domain name. But we will be keeping our old one. How do I confirgure AD and Sophos to use the…

Hello, I have a display problem with the Sophos Connect VPN tool, please find below a screenshot

Hello, i have yet again a strange error. We have some clients in our network that use openvpn connections with Openvpn client is v3.4.4.3. They can connect successfully and have mostly 1-2 Disconnects, but now constantly disconnects to the target. I…

Hi, i createa .pro file using the link https://docs.sophos.com/nsg/sophos-firewall/19.5/Help/en-us/webhelp/onlinehelp/AdministratorHelp/RemoteAccessVPN/IPsecSSL/SophosConnect/RAVPNSConProvisioningFile/index.html#templates but it does not switch over…

Hello, yesterday we set up MFA for IPSec Remote Access. We are using the local MFA. Now we having Problems with some Users, because after some time there are automatically logging out of the vpn (Sophos Connect). See Logs: Before the MFA. We used…

Ironically, when you have a fully working SophosConnect client, and you run the MSI in "repair" mode, the Sophos TAP Adapter will be removed but not added again, resulting in the Sophos Connect Service not starting.

Hello there, I am trying to connect to the VPN using the command line "sccli". When there no One Time Password, it works without a problem. But when OTP is active, I can't seem to get it done. I came across this post that says to use {PASSWORD}{TIMEOTP…

Hello , on upgraded system SFOS 20.0.0 GA-Build222), we encounter problems with VPN Client IPsec disconnection after 60 minutes, the system does not take into account the Dislabe Disconnect when tunnel is idle. can you help me solve problem , i have…

I would like to allow access to our IPSec VPN from our guest Wi-Fi for testing purposes. I have created a simple rule that allows internet access. Unfortunately, I always get an error when setting up the VPN connection. Anyone know a solution…

Currently when you export the SCX file (or use a provisioning/pro file to automatically update the VPN configuration in the Sophos Connect client) the file's "gateway" parameter has the WAN IP of the Sophos XG firewall. Our firewall is currently behind…

Hey guys, no change and I don't unterstand where is the problem. I have a Macbook. The internal Client ist connected but no access or ping to the internal resources. Any idea

When will IKEv2 for Remote Access VPN be available?

In SFOS 19.x or 20.x is it possible to restrict Sophos Connect (remote access) ipsec VPN clients by country without putting a 2nd XG firewall in front of the XG serving the VPN? Example: permit client vpn connections only from Canada.

Hi Guys, we have a network running with multiple sites. All the Sites are connected via IKEv2 Tunnel to our Sophos XG330 (via Lancom Routers). In each site we have a device running which is trying to connect (via OpenVPN Tunnel) (UPD Port 1194) to…

Hello Sophos Community, I'm rolling out Sophos Connect Client and IPsec provisioning file via group policies for a customer right now, everythings working fine except for one thing. When the vpn provisioning file is imported to sophos connect client…

We are fairly certain the setup is correct and the FW rules are in place, but remote access user cannot see internal resources on the LAN (other than the SOPHOS FW) when connected. After SOPHOS Connects successfully establishes the tunnel, the user can…

Hi peoples, So maybe i'm doing this wrong... im currently testing 2FA for VPN users. We are using the Sophos Connect client with IPSec into an XGS 116. Currently using DUO for the 2FA. Everything is connecting up fine, but i want to enable the option…

Hi, following problem. We use Sophos Connect Client version 2.2.90.1104 on Windows 10 and 11 and IPSec VPN. We set a prefered DNS on firewall. After the VPN connect, the DNS server is set on the VPN adapter settings in Windows. Than the problem began…

Hi, started to play with Sophos Connect since some customers ran in to issue with it: 1. there is centralized management of Sophos Connect (correct me if I am wrong) 2. there is difference in SSL VPN and IPSEC connections, how provision file works…

Any development on this feature? What is suggested to customer with 500+ remote people working over VPN? (And Sophos ZTNA is not the solution. We already seen that is doesn't cover most use cases.) Automatically Push Sophos Connect Upgrade

I understand I need to create a blackhole DNAT to block inbound IPSec traffic. What I also need to do is allow a few endpoints to establish a tunnel. To me, this means I need two NAT rules -- one to passthru legit IPSec and the other to blackhole. I…

Hi all, When editing an SCX file for Sophos XG / Connect VPN, is there a way that you can add comments into the file for information, i.e. in a split tunnel config, can we make a note of what the network address / range relates to? Current config…

Hi everybody, For some time now, I have been facing some problems with the Vpn Ipsec client, which shows the following error below. This happens to any user who tries a new connection, from what I noticed, users who are already connected do not experience…