Hi guys I can't see the wood for the trees -- so please forgive me this (probably stupid) question: When using PSK for IPsec without certificates, everything is working properly. It asks for password (or I save my password) click Connect and it works…

Hi folks, I did setup a remote access IPsec profile with a uthentication type digital certificate. The local certificate was created with a CSR by the firewall with help of OpenSSL under Linux and the remote certificate as described in docs.sophos…

HI all, Hoping you can help. Recently an external website we access has been updated and hosted elsewhere. Following the move we now get the following error but only when connecting via the VPN (Remote access). We can browse to the site without issue…

Case is not resolved. Please open the case. Sophos team has migrated cyberoam to Sophos firewall & Its working properly from last 3years with Cyberaom certificate which expiry is 2036. The issue is Sophos connect 2.3 is not working but 2.2 & 2…

Hey there, on old SUM Firewalls there was an SSL VPN Installer incl. configuration on Userportal. When you have installed this, you got an openvpn.cfg file and the user certificate. I have changed our Firewall to an XGS and now i need the new…

I'm aware of the KB that states when it is required to re-download the SSLVPN configuration when changing global settings but it doesn't specify the certificate as one of these things. So what happens if you renew an active certificate before it expires…

Hello! I know that a few years ago there was a feature request on the currently retired Sophos's ideas portal, regarding remote access SSL VPN with certificate only based authentication, for Sophos XGS firewalls. Does anybody know if it's possible right…

Last year or so ago we had a case regarding this issue. Once again a vendor conducted a friendly PCI scan on our public interfaces and send us a notice of Non-compliance. The robot scanner is seeing the self-signed appliance certificate on PORT 3400…

On Sophos Firewall, if I update and regenerate the default CA, what are the implications? I have a firewall that is setup, the default CA hasn't been customised so far. I need to setup a S2S IPsec VPN with certificates and wanted to customise this before…

While troubleshooting a SSL VPN connection I tried different certificates, which I successfully added as "trusted" in the Certifcates section of the WebUI. When I download the ovpn-config file from the VPN portal I found that every time I try a new…

Hi, One thung bothers me regarding SSL certificates. I will have some 30 SSL VPN users on XGS , and I intend to install commercial SSL certificate. But it only has 1 year validity. Does it mean I will need to push .OVPN config to end users every year…

I have a dedicated VLAN in our network and a dedicated AD username for guest users. I am not using Sophos wireless network, I use another brand wireless network. I am using SFOS 19.5.3 Every time my guest users browse the internet after logging into…

Hi, We have a XGS2300 (SFOS 19.5.3 MR-3-Build652 with an SSL Remote Access VPN with OpenVPN clients. Not sure if this was a Sophos or OpenVPN issue but I had to start somewhere. I had a user call last last night with a Peer Certificate Verification…

Hello. We have a client using Sophos Firewall installed in a VM. ( Firmware 17.5.12) They are have expired SSL CA Certificate and when they applied new SSL CA Certificate, it shows error and VPN users unable to connect. So, now they are using expired…

Hello to all, I would like to set up an L2TP remote access VPN connection with authentication via certificate. Unfortunately, this does not work if an intermediate certificate is used without having to modify the ipsec configuration via shell. Environment…

Hi all, We have a Sophos XGS firewall and we have imported a self signed certificate from our organization to the firewall which is used for the admin console and user portal under Admin console and end-user interaction -> certificate. We have also…

Good Afternoon, We have recently performed a migration from Sophos UTM to Sophos XGS and I am currently working on re-instating the SSL VPN service for use by our third party support companies. We operate two DCs with services either 'homed' in a specific…

Hello, do you know if is possible to use a third party wildcard certificate to configure an SSL remote access on an XG firewall? Thank you in advance, Marco.

Hi folks, we are currently in the rollout of SSL-VPN Configurations and noticed performance issues at users which are using LTE Internet connections with latency. So we want to improve performance by switching from tcp to udp at the sophos firewall…

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197, SFOS 19.5.1 MR-1-Build278 and SFOS 19.5.2 MR-2-Build624 if the "Organization name" in the Certificate does contain…

Hi, is there any way to generate the "per user certificates" used for SSLVPN without logging in to the userportal as an admin? Users are AD users. We have a big SSLVPN rollout and this would help us to do this much faster. Regards, Sebastia…

Hi, I was trying to connect site-to-site vpn, But it was not working with below. 1)upload local certificate 2)Remote certificate is selected as External certificate 3)upload Remote CA Certificate Below is the image to depicts what i was tried…

I'm setting up IPsec tunnels between HO and several branch offices using IPSec with certificates. I'm confused what to put in the SANs or Cert identifier fields. I played with the Cert Identifier using DNS names but it looks like they all have to resolve…

SSL Certificate Distribution – I just wanted to check that there is no way to add a link to the SSL certificate that clients need to install from the Sophos Sign In Page? The Smoothwall Sign In Page had a separate section which allowed you to download…

Howdy, Issue with configuring cert based site-to-site VPN on Sophos XG 87 I am trying to build a certificate based IPsec tunnel on my new Sophos XG 87 FW v19. 1) I created the CSR by going to certificates > add> generate certificate signing request…