This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG SSL not working as expected

Hello everyone,

I have migrated to the newest version of XG -> SFOS 17.1.1 MR-1

Unfortunately the SSL VPN is not working as expected.

1) At the remote user screen it shows me user twice, three, four times with different IP addresses while there is only one existing connection.

2) I can ping/connect only for a couple of minutes from my local network to the VPN clients.

E.g.: Ping to a remote machine is not working (time out) while vice versa I can ping from the remote machine to my computer which is inside my LAN.

Another example: SSH connection from my computer to a remote server works if the OpenVPN connection was established. After some minutes my connection gets lost without any further information. Ping which worked in the beginning is now also no longer possible.

Pinging from the remote server to my computer works without any problems.

Any suggestions why the SSL VPN is having such issues?

Kind regards,

mathias

This thread was automatically locked due to age.

0 FloSupport over 7 years ago
Hey Mathias Mühlbacher

Did this issue occur on your previous firmware?

Are all of your SSL VPN users affected?

Have you already attempted re-installing the SSL VPN configuration from the User Portal, to see if this resolves the issue?

Did you have Idle Timeout configured for your SSL VPN configuration?

Regards,
Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel
0 Mathias Mühlbacher over 7 years ago in reply to FloSupport

Good morning Flo,

Did this issue occur on your previous firmware?

No, this issues did not occured on the previous version - I was able to connect from LAN to VPN devices.

Are all of your SSL VPN users affected?

Yes.

Have you already attempted re-installing the SSL VPN configuration from the User Portal, to see if this resolves the issue?

I am using both: One device is using the old SSL VPN config file while the newest VPN member is using the newest SSL VPN configuration.

Both are having issues.

Did you have Idle Timeout configured for your SSL VPN configuration?

No, I have not set an idle time out for SSL VPN.

Kind regards,

Mathias
Cancel
Vote Up 0 Vote Down

Cancel
0 FloSupport over 7 years ago in reply to Mathias Mühlbacher

Hey Mathias,

On the CLI of the XG, if you perform an ifconfig, are you able to observe any dropped or packet errors for your Tun0 interface?

If there are dropped packets, this could indicate a possible MTU MSS issue. Check out #4 on this troubleshooting guide for info regarding this.

Regards,

Florentino
Director, Global Community & Digital Support
Are you a Sophos Partner? | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question, please use the 'Verify Answer' button.

The Award-winning Home of Sophos Support Videos! - Visit Sophos Techvids
Cancel
Vote Up 0 Vote Down

Cancel