Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 1 reply
  • Subscribers 26 subscribers
  • Views 363 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect issues w/17.5 MR10

cbunting

Our XG210 updated to MR10 and "sophos connect" no longer worked reliably. The clients would drop, however they still showed connected on both ends, they would just not pass any traffic.

I followed a KB article referencing disabling flushing IPSEC and that did not seem to make any difference.

I rolled the HA cluster back to MR9, and all is well again.

It seems like every time the firewall is upgraded/updated to a new MR, sophos connect stops working, sometimes it requires upgrading client... is this to be expected? Is there an easier way to upgrade clients like auto update coming in the future? This is a pita.

In addition, any time I add a new user to access sophos connect (on the sophos connect tab under VPN) and click save, it drops all connected clients... Is there a way to prevent this? Unfortunately the users need to log into the user portal themselves before I can add them to allowed users (a dumb feature/or shortfall if you ask me) so I sometimes need to add new users to sophos connect on the fly.

Thanks



This thread was automatically locked due to age.
Parents
  • 0

    Hi  

    Sorry for the delayed response and inconvincible caused, for communication issues, we required to capture the logs in the specific firmware version where you are facing the issue. When the issue occurred, please take tcpdump or packet capture from GUI on the IP leased to Sophos Connect client on specific users also take tcpdump on specific user's public IP and proto 50 to check ESP packets.

    When you click save, it will auto-connect the clients again and it is expected behavior as of now, that it disconnects and auto-connect the client when you click on the Save button.

    You can use the import feature to import the users in the XG database so you can avoid user portal authentication for each user and select them in Sophos connect configuration.

Reply
  • 0

    Hi  

    Sorry for the delayed response and inconvincible caused, for communication issues, we required to capture the logs in the specific firmware version where you are facing the issue. When the issue occurred, please take tcpdump or packet capture from GUI on the IP leased to Sophos Connect client on specific users also take tcpdump on specific user's public IP and proto 50 to check ESP packets.

    When you click save, it will auto-connect the clients again and it is expected behavior as of now, that it disconnects and auto-connect the client when you click on the Save button.

    You can use the import feature to import the users in the XG database so you can avoid user portal authentication for each user and select them in Sophos connect configuration.

Children
No Data