Very nice! I need help setting up an IPsec tunnel between sites, the firewall models are "UTM - SG135, Firmware 9.719-3" and "XGS2100 - Firmware (SFOS 20.0.0 GA-Build222)". We have researched through forums and followed some steps that match the errors…

We are wanting to connect our remote office, which is in a managed/shared office space building, to our head office. We have no control over the shared office netowrk. We have a XGS in the managed office space. The internet connection is supplied…

Hi, Good day! I am looking for guidance regarding my network configuration involving two ISPs connected to my firewall. One set as active and the other as a backup. This setup has enabled us to utilize Remote IPsec VPN effectively. I am currently…

Hi I need to translate packets between an ISec and a RED 20. There is an IPSec tunnel with 172.18.10.0/24 on the remote site and 172.26.143.1/24 on the Sophos. I have a RED device with 192.168.54.1/24. I would access form REDs subnets hosts (maybe…

Hello, Im trying to test out Cloudflare magicwan and the guide says to disable ipsec anti replay protection. The guide shows a command for sfos v19 however this doesn't seem to exist in v20. The command is: set vpn ipsec-performance-setting anti…

Hello, we are currently using Sophos Firewalls in a Hub-and-Spoke topology running SFOS 20.0. Some spokes are using WAN connections with dynamic IPs which will change from time to time. On those units we can observe that the corresponding XFRM interface…

Hello, I verified that my Sophos XGS SFOS 20.0.0 GA-Build222 has OpenVPN 2.4.7 which is vulnerable to CVE-2020-20813 which according to NIST has a high level. As I use SSL VPN for remote access, I need to know if my firewall is vulnerable. Best Regards…

Hello, we are doing a migration from old XG330 to a XGS3300 I have a question regarding the sophos connect client, which is currently used with the XG. the current sophos client is openvpn 2.3.8 The new one is in version 2.3, but, do we have a…

Hello, I am experiencing the issues listed in NC-120119 when I am using TCP mode for my SSL VPNs. I have a select number of users who I required to get a static IP address, however when they are connected, if they change network type and it tries…

Good day, On our XG230 [ SFOS 20.0.0 GA-Build222] we have two IPsec site-to-site tunnels on two different GWs. Both connect to the same remote GW but use Different NATed local Subnets to Fortigate Firewall. IPSec policies are the same no change there…

I have a Sophos that has a publicly accessible IP address which I will call 47.x.x.x, and this same IP is also publicly reachable via DNS name which I will call myhost.com. I have IPsec set up and working on my Sophos v20 firewall. I have Sophos Client…

In SSL VPN Global Settings, when I try to apply, I get the error message " You must enter a network IP address." This happens even when I don't make any changes. Any idea what's going on, and how to fix it? I'm on a XG125w (SFOS 20.0.0 GA-Build222…

I have set up a SSL VPN connection in SOHPOS Firewall v20 Build 222. I can access local services and machines no problems there, but I cant get internet access. When I ping external sources no packages comes through, however domain names are resolved…

We have 2 XG330 in HA, a 300Mbit connection and are using the SFOS 20.0.0 GA-Build222 firmware with Sophos Connect. Using the SSL VPN with UDP we are seeing speeds of 3.6Mbit down and 6.9Mbit up. The Client has 100Mbit. I've read a lot of different…

Hello, I have an issue with site to site vpn IPSec. I suppose it is a bug. Scenario: You have 1 WAN port (port 2) You have some created site to site VPN IPSEC (initiate the connection type) Follow these steps to reproduce the issue: - Configure…

Hello there I'm using version XGS2100 (SFOS 20.0.0 GA-Build222) and getting an error in SSL VPN Static IP When I use static IP for VPN user, the firewall cannot connect to the static ip of vpn user When i have the static IP Address disabled in my…

I have two home deployments of Sophos Firewall v20, one at home and one at a family vacation home. I've set up VPN, routes, and rules between without issue. But the strangest issue that I can't seem to resolve is that with the vacation home the Admin…

I'm using the Home Firewall 20.0. I configured IPSec VPN using the Sophos instructional video. I used the default profile. I'm on the road, and trying to connect to devices on my home LAN, via the VPN. Let's call the LAN subnet X.X.X.0/24. The Sophos…

Hello! We are an MSP with about 20 clients that have servers hosted in Azure. These 20 clients have various hardware models of Sophos XG and XGS firewalls with various steps of firmware from 19.5.3 to 20.0.22. Those firewalls have an IPSec site to site…

I reviewed this : Force specific websites through VPN tunnel? This works for SSL VPN. However adding a host IP under IPsec Remote Access does nothing. Also cannot add an FQDN host under IPsec Remote Access under v20. Is there any way to get this…

I am testing a new XGS 136 (SFOS 20.0.0 GA-Build222) offsite to replace an onsite XG 135 ( SFOS 19.0.2 MR-2-Build472). The backup of the XG 135 was used to setup the XGS 136. We have never used the IPsec Site-to-Site connection before but may have a…

I am referring this post with similar issue DNS request to DNS over Site2Site VPN I have below setup XG310 -- branch office XG430 -HA -- Head office Now I got XGS2100 - 2nd branch office ( Gateway local ip: 172.16.1.100 ) XGS2100 …

Hi, We are using Sophos Firewall XG310 , SFOS v20. It's been 4 month we have established Site-to-Site VPN, and today suddenly our connection is Down with many " Received IKE message with invalid SPI (D3EED417) from the remote gateway " log messages…

Hi everyone, I have updated my XG to the new SFOS 20 and set everything up according to the knowledgebase article. When I now go to my URL " ">https://firewall.my_Domain.de" , I get a "forbidden" I also have a WAF rule that points to my bookstack. As…

For a few days now I have been attempting to get a ipsec site to site between these two firewalls and even have the pro customer support pfsense involved. All there suggestions have been unsuccessful in getting the two to talk to each other. all guides…