Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 26 subscribers
  • Views 724 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos Connect Client cant access internal services after some time and stays connected

Sophos User3142

Hi

We observe the following problem with our Sophos Connect VPN connections.

We do not use the option "Disconnect when tunnel is idle" but still the tunnel gets interrupted but the Sophos Connect client reports a connected tunnel. (Green checkmark in the icon) The client cant access any services from the internal network (neither ping nor other high level services works anymore) but the clients can still ping the internal ip adress of the Sophos XG Firewall.

When the connection is terminated by the client (Disconnect) through the Sophos Connect Gui interface and the connection is reconnected, everything works for some time. Generally we've seen times where the connection works from 10 to 30 minutes.

Cheers

Christoph



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    What are the current firmware version and model number on your firewall? 

    When this issue occurs, have you noticed any traffic drops on the firewall from the client? 

    Thanks,

  • 0 in reply to FormerMember

    Hi H_Patel

    There is no visual packet drop on the graphs visible. We tested the (Sophos Connect) with one of our notebooks. We check the connection with two ping commands. One to the internal ip of the firewall and one ping to one of our internal servers. The ping to the internal firewall ip works without interruptions, but the other ping stops working after some time. We have seen times between a few minutes and up to 15/20 minutes. The colleagues find this really annoying.

    I want to add a bit more information about our setup. We have configured the Authorization Server for AD to one of our AD Servers. The STAS Client is also running on one of our AD Domain servers.The users are synced to the firewall and to sophos central. All computers have the Sophos Endpoint installed (even those that are not part of the domain yet)

    The notebooks of the colleagues are also joined to the domain, where we see the problems with the sophos connect connection.

    We also have a few notebooks that are standalone (not joined to the domain). There is also the sophos connect client installed. We have not seen the problems on those notebooks.

    The following information can be seen in the auth logs of the XG

    I

    Hope you can help us to narrow down the cause for the problem.

     

    Cheers

    Christoph

Reply
  • 0 in reply to FormerMember

    Hi H_Patel

    There is no visual packet drop on the graphs visible. We tested the (Sophos Connect) with one of our notebooks. We check the connection with two ping commands. One to the internal ip of the firewall and one ping to one of our internal servers. The ping to the internal firewall ip works without interruptions, but the other ping stops working after some time. We have seen times between a few minutes and up to 15/20 minutes. The colleagues find this really annoying.

    I want to add a bit more information about our setup. We have configured the Authorization Server for AD to one of our AD Servers. The STAS Client is also running on one of our AD Domain servers.The users are synced to the firewall and to sophos central. All computers have the Sophos Endpoint installed (even those that are not part of the domain yet)

    The notebooks of the colleagues are also joined to the domain, where we see the problems with the sophos connect connection.

    We also have a few notebooks that are standalone (not joined to the domain). There is also the sophos connect client installed. We have not seen the problems on those notebooks.

    The following information can be seen in the auth logs of the XG

    I

    Hope you can help us to narrow down the cause for the problem.

     

    Cheers

    Christoph

Children
No Data