Hi everyone, We have a cloud Sophos 19.5 appliance with a public IP. We use it to setup a site to site SSL VPN to another Sophos 19.5 with is located behind a 3rd party firewall. For some reason, the VPN behaviour is erratic. It could work for few…

Hi, I have Sophos XG on ver 19.5. I noticed that when my device is on mobile data which has IPv6 and IPv4 of 172.56.x.x, the VPN won't connect. There are also no logs on the firewall so it was never reached to it. I do not have IPv6 rules and SSLVPN setting…

Hi, we are using the IPsec Remote Access as our home office solution. We have 2 ISP-connections connected to 2 seperate inferfaces on our Sophos XGS 3100 . Once i configured the IPsec profile and policy I stuttered that there is no option to select…

Hi all, I got the following error when I tried to configure GRE tunnel on my Sophos FW (v19.5, home). console> system gre tunnel add name GRE1 local-gw Port1 % Error: Unknown Parameter 'Port1' The WAN port I am trying to configure GRE is Port1,…

hello everyone, i have HQ and Branch Connected with Red - 20 and firewall XG 19.5, i have two internet connection, i made a rule to make the branch to take internet from the HQ to set Web filter, but the internet was too slow in the Branch so every…

I have a new install of v19.5 on my own hardware (protectli vault), switched from pfsense this week. The firewall is performing very well with one exception. I configured a "country block" rule and blackhole NAT at the top of the rules. But once I do…

hi all, we encountered some limitation with sophos fw, under SFOS 19.5 with IPSEC configuration. There is no possibility to set null encryption under ipsec phase 2 part. Is there a way to bypass this limitation ?

- XGS with SSL VPN activated on LAN zone (or any other zone) that has interfaces with no IP address (LAG, DHCP...) ends with remote entries in SSL VPN configuration file where the IP is missing - the connect client does not check it and interpreting the…

Hi there Have setup a VPN to AWS from a XG on v 19.5 firmware I used the VPC config file provided by AWS on the VPN Gateway and uploaded it to the Sophos as a VPC site to site VPN. The BGP and VPN comes up - however once up the WAN interface…

Hello all, We have a problem with one of our software applications. We are using SFOS 19.5.0 GA-Build197. The software needs to connect to a remote server which is only available via site-to-site VPN. The connection is configured and is working (green…

Hi, I've depolyed a site-to-site SSL VPN between two XGS (HO Server and BO Client) HO network is 192.168.3.0/24 and BO network is 192.168.2.0/24. I'm able to ping from BO to HO but not the opposite. Tha packet capture says IP_Spoof - Violation…

Hi, We have configured IPsec remote access VPN and wants to achieve two profiles for both primary and secondary ISP. We have come to know that it's not possible in IPsec remote VPN currently. But I have seen that we can have multiple Gateways defined…

Hi, Is MAC binding feature introduced in v19.5. As we want to achieve MAC binding in IPsec remote access VPN so that only allow MAC addresses can connect to VPN. After searching, this is not achievable as XG doesn't recognize MAC pre-connection. …

Hi, after some testing I got the ip-sec part to connect but now I recive a error in l2tp. "<l2t-1|94> received netlink error: Invalid argument (22)", I did some searching and it might be related to hw acceleration. But I don't know how to disable…

Hello there, When i have the static IP Address disabled in my SSL Global Config it works fine, the firewall can reach all the devices connected through VPN. The issue comes when I enable the Static IP Address in SSL VPN Global Config, When I assign…

We've moved to Sophos Connect and have found that some of our users are losing their connections in the app. For instance, as part of a software deployment, we will push Sophos Connect and the Provisioning File to the client with an automatic import…

Hello guys, I have IPsec Tunnel Site-to-Site with this lans: 192.168.22.0/24 192.168.26.0/24 On the lan 26.0 i need to reach 1 machine and that machine got the ip 192.168.22.140. On diagnostic of firewall i can ping that machine but on CMD…

Hi to all Sophos Community, I was wondering if you had any idea on this problem. First time using Sophos firewalls, mostly working on them via Sophos Central Web Admin. So I enabled IPSec VPNs, it does work with local created users. Company asked…

Hello I have sophos xg 210 version 19.5 and i want to block social media for users how use ssl remote access sincerly

Hey Guys, I have followed the guides for creating an SSL-VPN that authenticates through Active Directory. When I have my laptop internal to the network and initiate a VPN connect it works fine. Connection is established. The logs show this. However…

Main firewall: XGS2100 at v.19.5 new Remote firewall: XG125w at v.19.5 old remote RED15 I am trying to migrate a remote site from RED15 to a site-site RED using a XG125w while keeping the remote LAN IP range intact. I set up the new remote RED tunnel…

Just upgraded from 19.5.0 GA-Build197 to 19.5.1 MR-1-Build278 in hopes that this would be resolved. The issue is mobile phones are unable to reconnect the SSL VPN when they roam between different networks, eg from a local wifi to mobile isp and vice…

Hi Guys, is IKEv2 finally included in v 19.5 for Remote Access VPN? Thanks a lot, Dustin

Hello, I have a Sophos XGS 2100 in the HQ and in the outher locations XGS116/126. So on some of the XGS 126 i have a Problem with the Site to Site VPN. In the Web-Gui the Firewall shows all connection green. both of the FWs But i can not…

Please help @SophosSupport. New Case: 06174968 (related to closed case: 05546492) RED60 Connects back to XG310 (SFOS 19.5.0 GA-Build197) We are just now noticing that the DEFAULT network traffic isn't being passed. All TAGGED Vlan traffic…