still no customized IPsec policy's

I'm being told the new client should support customized IPsec policy's. As far as I could see that's not implemented so far.

As long as this is not possible connection will still be terminated after 4 hour's if user does not re-authenticate with OTP because there is no way the change Rekey time for IKE. Would that be possible in the near future?

Parents

0 Dan Kahle over 3 years ago
Had this problem too, was told by support that you could extend it to up to 24 hours by following these steps.

ikekeylife is in seconds.

NOTE: this is on a XG, no idea about the other product lines. I also have no idea if the policyid=5 is specific to our environment or not.

Disable Sophos Connect VPN

Login to Advanced CLI on the firewall

Run this command

psql -U nobody -d corporate -c "update tblvpnpolicy set ikekeylife=86400 where policyid=5;"

should output "UPDATE 1"

Enable Sophos Connect VPN

Download the new configuration for the client.

86400 = 24 hours.

So, just saying there is a LITTLE flexibility.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Jonnie over 3 years ago in reply to Dan Kahle

Dan Kahle said:

psql -U nobody -d corporate -c "update tblvpnpolicy set ikekeylife=86400 where policyid=5;"

Hey thanks that you shared this information with us.

One question, is "tblvpnpolicy" a specific value one from your enviroment ?

Regards,
Jonny
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Dan Kahle over 3 years ago in reply to Jonnie

It does not appear to be, we have 2 sets of XG's, the command worked on both sets and adjusted the lifetime as expected.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Dan Kahle over 3 years ago in reply to Jonnie

It does not appear to be, we have 2 sets of XG's, the command worked on both sets and adjusted the lifetime as expected.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data