Syslog error - what would cause these?

Hi K M 

Thank you for reaching out to the Community! 

Is there any IPsec VPN connection on the XG firewall with IP address 54.39.215.32 as a remote gateway? The event logs indicate a firewall is failing to establish an IPsec connection with the IP address 54.39.215.32, and it could be due to the preshared key mismatch. 

Thanks,

The only VPN we use is the SSL VPN and that IP is not familiar (it is in Canada and we are not).  Is there something I need to review to stop this as a potential threat?

Hi K M 

Was there any IPsec connection configured in the past on this firewall? Or do you have a connect client configured on your firewall? 

Could you please confirm if you see this traffic on UDP port 500? 

You could configure the blackhole DNAT rule to avoid getting these log entries for UDP port 500.

Check out the following KBA for more info: Sophos XG: Creating a blackhole DNAT.

Thanks,

Hi K M 

Was there any IPsec connection configured in the past on this firewall? Or do you have a connect client configured on your firewall? 

Could you please confirm if you see this traffic on UDP port 500? 

You could configure the blackhole DNAT rule to avoid getting these log entries for UDP port 500.

Check out the following KBA for more info: Sophos XG: Creating a blackhole DNAT.

Thanks,

Ah - we did try Connect Client to test it as an "always-on" VPN, but it had major issues for us.  Looks like we forgot to disable it.  Thanks.

Hi K M 

Thank you for the update! 

Please update the thread if disabling the connect client configuration resolves your issue. 

Thanks,