Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 4 replies
  • Subscribers 26 subscribers
  • Views 2747 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL VPN connection not stable. High latency ping times

Hung Ho

Hi All,

My device: XG310 (SFOS 17.5.8 MR-8.HF052220.1)

Our client is facing an issue that the SSL VPN connection not stable after connecting a few minutes. They encounter connection dropped for a while, local services cannot access. Try to ping to the local subnet, ping time is terrible, it's around 500ms - 1500ms. Our XG firewall and VPN client are using the domestic internet. Actually, I don't know how to work around this issue.

My SSL VPN settings:

Protocol: UDP

Encryption algorithm: AES-256-CBC

Authentication algorithm: SHA2 256

Key size: 2048

Key lifetime: 57600

Appreciated if someone can help!

Thanks



This thread was automatically locked due to age.
Parents
  • FormerMember
    +1 FormerMember

    Hi  

    Thank you for reaching out to the Community!

    Is there any IPsec site to site tunnel configured on the firewall? If yes, is it a stable connection? If you have unstable IPsec tunnels then rune the following command from the console.

    set vpn conn-remove-tunnel-up disable

    • When disabled, it will not flush the connections when IPSec tunnels come up.

    Follow this KBA to access the console: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    Type 4 to access the Device console.

    Note: If the information above does not apply in your case, please provide client logs for further investigation.

    Thanks,

  • 0 in reply to FormerMember

    Hi H_Patel,

     

    Yes, I have configured IPSec site to site tunnel on Firewall.

    Is IPSec affect SSL VPN?

     

    Thanks,

    Jacky

  • FormerMember
    0 FormerMember in reply to Hung Ho

    Hi  

    When the IPsec tunnel comes up, it will drop all UDP sessions, but you can disable this behavior. As you have an SSL VPN configured with UDP protocol, I would advise you to run the command I provided in my first response and monitor the issue and let us know how it turns out for you. 

    Thanks,

Reply
  • FormerMember
    0 FormerMember in reply to Hung Ho

    Hi  

    When the IPsec tunnel comes up, it will drop all UDP sessions, but you can disable this behavior. As you have an SSL VPN configured with UDP protocol, I would advise you to run the command I provided in my first response and monitor the issue and let us know how it turns out for you. 

    Thanks,

Children