We have a Sophos UTM 9 instance running in an EC2 VM that we have used to VPN to our AWS accounts from our laptops for several years now, and we are generally happy with the way it works.
Sophos was configured by importing the configuration into the Amazon VPC section of Sophos. A new configuration was imported recently for a new AWS account. Since then, one or more BGP routes fail to propagate. It is not always the same route that fails - disabling and re-enabling the broken VPC connection in Sophos adds the route, but one or more other routes get removed. We can see this happening in the Support | Advanced | Route Tables view in Sophos - some routes are just missing. We are using BGP, but don't have the BGP module enabled in Sophos. I don't believe that is necessary, and this has worked for several years already.
The status of all the VPC Tunnels is healthy, both in Sophos and AWS.
One last thing that might be relevant - the last VPC configuration we imported was to a Transit Gateway in AWS, not a Customer Gateway. Will that cause issues? If the route ends up in the route table, this does work.
Do you have any ideas what might be wrong? It almost looks like there is a maximum size to the route table in Sophos - is that the case? Is there a way to raise the limit if that is the case?
Thanks!
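As an added diagnostic (this is example code, not from the original poster or from Sophos), the following script compares the prefixes each imported VPC or Transit Gateway connection should be advertising over BGP against a dump of the firewall's route table, and reports which expected prefixes are installed exactly, which are missing, and which are only reachable through a broader covering route (typically the default route, which means the traffic would leave via the wrong interface rather than the tunnel). It assumes the Support | Advanced | Route Tables view can be copied out as Linux `ip route`-style text; the connection names, prefixes, next hops and `ipsec*` device names are all constructed for the example, with `10.31.0.0/16` deliberately left out of the dump to show the missing-route case. Re-running it after each disable/enable cycle, and diffing the per-interface counts, shows which connection lost routes rather than relying on spotting gaps by eye.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample (not from the original post): the prefixes each imported
# VPC / Transit Gateway connection is expected to advertise over BGP.
EXPECTED_PREFIXES = {
    "vpc-prod": ["10.10.0.0/16", "10.11.0.0/16"],
    "vpc-dev": ["10.20.0.0/16"],
    "tgw-new": ["10.30.0.0/16", "10.31.0.0/16", "172.16.0.0/12"],
}

# Constructed sample of a kernel-style route listing, assumed to resemble what
# the Route Tables view shows; 10.31.0.0/16 is deliberately absent.
ROUTE_TABLE_DUMP = """\
default via 192.0.2.1 dev eth0
10.10.0.0/16 via 169.254.10.1 dev ipsec0
10.11.0.0/16 via 169.254.10.1 dev ipsec0
10.20.0.0/16 via 169.254.20.1 dev ipsec1
10.30.0.0/16 via 169.254.30.1 dev ipsec2
172.16.0.0/12 via 169.254.30.1 dev ipsec2
192.0.2.0/24 dev eth0 scope link src 192.0.2.10
"""

# destination, optional "via <nexthop>", then "dev <interface>" somewhere later
ROUTE_RE = re.compile(
    r"^(?P<dst>\S+)(?:\s+via\s+(?P<via>\S+))?.*?\bdev\s+(?P<dev>\S+)"
)


def parse_routes(dump):
    """Map each installed destination network to its next hop and interface."""
    routes = {}
    for line in dump.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        dst = "0.0.0.0/0" if m.group("dst") == "default" else m.group("dst")
        net = ipaddress.ip_network(dst, strict=False)
        routes[net] = {"via": m.group("via"), "dev": m.group("dev")}
    return routes


def routes_per_interface(routes):
    """Count installed routes per interface; a drop on one ipsec device after a
    disable/enable cycle points at the connection that lost its routes."""
    return Counter(info["dev"] for info in routes.values())


def check_routes(expected, routes):
    """For every connection, list expected prefixes that are installed exactly,
    missing entirely, or only reachable through a broader covering route."""
    report = {}
    for conn, prefixes in expected.items():
        present, missing, covered = [], [], {}
        for p in prefixes:
            net = ipaddress.ip_network(p)
            if net in routes:
                present.append(p)
                continue
            missing.append(p)
            # A missing prefix is usually still matched by a less specific
            # route (often the default), which hides the problem until traffic
            # silently takes the wrong path; report the most specific one.
            supernets = [
                r for r in routes
                if r.version == net.version and r != net and net.subnet_of(r)
            ]
            if supernets:
                best = max(supernets, key=lambda r: r.prefixlen)
                info = routes[best]
                covered[p] = f"{best} via {info['via']} dev {info['dev']}"
        report[conn] = {"present": present, "missing": missing, "covered": covered}
    return report


if __name__ == "__main__":
    installed = parse_routes(ROUTE_TABLE_DUMP)
    print("routes per interface:", dict(routes_per_interface(installed)))
    for conn, result in check_routes(EXPECTED_PREFIXES, installed).items():
        print(f"{conn}: {len(result['present'])} present, "
              f"{len(result['missing'])} missing")
        for p in result["missing"]:
            print(f"  MISSING {p} (currently matched by {result['covered'].get(p, 'nothing')})")
```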