
SG 125w questions

I have a few questions about the SG 125w. We have one.

1. How do I block an external public IP address on the firewall? I have noticed in our L2TP over IPSec log that someone is trying to log in as myself using a different internet provider. They have tried using other things to connect but lately it's my account. Nothing stops them, I know, from changing their IP address; all I want is to slow them down.

2. Is there any way to set up L2TP over IPSec to work as a split tunnel connection? According to Sophos support, L2TP over IPSec cannot run as a split tunnel, yet I have seen a lot of talk about doing it in this forum (previous threads) but no direct method on how to set it up. Disappointed

3. Other than backing up my profile and reinstalling UTM 9 again on my SG 125w (until we get a better firewall), is there no other way to fix the DB in UTM 9 other than using the rebuild command? Currently our CPU is hitting 95-99% usage since the DB issue started.**

4. Is there any other Remote Access (VPN) option I can use that will work with RADIUS on the UTM 9 SG 125w firewall? I know L2TP over IPSec has a lot of overhead, and in part we are having problems with Windows 11 clients trying to remote in. Previously it was a matter of getting them to uninstall their latest Windows CU to get them working over WiFi (from their remote connection), but now WiFi doesn't work and only a wired connection works. Using W10 also works in wired/wireless mode. MS has supposedly fixed this issue a couple of months ago, but I call BS because at some point when our staff are WFH they complain their W11 machines are having issues getting connected, then connecting to their desktops, which gives them a black screen. I just don't see any option for SSL to work with RADIUS. Disappointed

** So I reached out to Sophos support; one person recommended backing up my profile and reinstalling UTM from scratch again because he didn't see any errors coming from the SSD inside and could figure out why the DB refused to rebuild. He eventually escalated to an L2 (I am going to say) who had a look and was quick to pass the buck back to me, saying the CPU is so HIGH because we supposedly have 172 devices behind our firewall and our firewall is only made to support 40 devices behind it max. Which doesn't explain why it was working before the SG was patched two patches ago, then it started having this problem. I explained this to the tech and they just didn't care. So I guess we won't be buying any new firewalls from Sophos then. Disappointed

Thanks,

  • Hello Andrew,

    Good day and thanks for reaching out to Sophos Community.

    Apologies for the inconvenience you have faced. Could you share with us the case ID you've opened with Support regarding the issues you have stated above? (Items 3-4)

    Item #1 could be solved by configuring blackhole DNAT on UTM, #2 Yes, L2TP split tunnel is not supported on UTM, you may consider IPsec or SSL.

    Many thanks for your time and patience and thank you for choosing Sophos.

    Cheers,

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support

  • Hi Raphael,

    The ticket number was 06529914. I cannot seem to find the threads as I know I must have talked to about 3 other techs before I was escalated to a person named Jonathan.

    #1. What's blackhole? I don't see it on my UTM. 

    #2. I looked at SSL but I don't see a way to implement RADIUS, which we need to do in our case. Not sure if IPsec is the same way with respect to RADIUS (if it supports it or not).

    Thanks,

  • Hello Andrew, 

    Thanks for providing these details. 

    Configuring Blackhole DNAT for UTM is -> Network Protection -> NAT - New Nat Rule -> Rule Type: DNAT (Destination)

    For Traffic From: (List of IP you want to block)

    Service: Any

    Going to (WAN IP/External Public IP)

    Action

    Change Destination to: Null IP/ non-existent IP

    On the other hand, upon reviewing the case, GES has found out that the device you are using was undersized for the capacity it has - 174 live IPs for a 30-ish load firewall, thus the CPU spike would persist.

    Raphael Alganes
    Community Support Engineer | Sophos Technical Support
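    The blackhole DNAT rule above needs a "Traffic From" list of source addresses. As an added example (not from the thread or from Sophos), this script builds that list from failed L2TP/IPsec login attempts; the log layout, the `andrew`/`admin` usernames and the addresses are constructed and do not follow the real UTM 9 log format.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log lines (assumed simplified layout, NOT the real UTM 9
# pppd/l2tp format). 203.0.113.45 repeatedly fails as several users.
SAMPLE_LOG = """\
2024-05-01T08:00:01 pppd-l2tp: L2TP/IPsec auth failed user="andrew" src=203.0.113.45
2024-05-01T08:00:05 pppd-l2tp: L2TP/IPsec auth failed user="andrew" src=203.0.113.45
2024-05-01T08:00:09 pppd-l2tp: L2TP/IPsec auth failed user="admin" src=203.0.113.45
2024-05-01T08:01:12 pppd-l2tp: L2TP/IPsec auth failed user="andrew" src=198.51.100.7
2024-05-01T08:02:30 pppd-l2tp: L2TP/IPsec auth ok user="andrew" src=192.0.2.10
2024-05-01T08:03:00 pppd-l2tp: L2TP/IPsec auth failed user="andrew" src=203.0.113.45
"""

# Matches the constructed "auth <result> user=... src=..." fragment.
LINE_RE = re.compile(
    r'auth (?P<result>failed|ok) user="(?P<user>[^"]+)" src=(?P<src>[\d.]+)'
)


def failed_attempts(log_text):
    """Return {src_ip: Counter(username -> failure count)} for failed logins."""
    per_src = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and m.group("result") == "failed":
            per_src[m.group("src")][m.group("user")] += 1
    return per_src


def blackhole_candidates(log_text, threshold=3, known_good=()):
    """Source IPs with at least `threshold` failures, minus addresses staff
    legitimately use; this is the list for the DNAT rule's 'Traffic From'."""
    per_src = failed_attempts(log_text)
    return sorted(
        ip for ip, users in per_src.items()
        if sum(users.values()) >= threshold and ip not in known_good
    )


if __name__ == "__main__":
    for ip, users in failed_attempts(SAMPLE_LOG).items():
        print(ip, dict(users))
    print("block:", blackhole_candidates(SAMPLE_LOG))
```

    Re-run it against the current log before each change to the rule, since a source that changes provider (as in the original post) simply shows up as a new address.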