Thread Info
  • State Verified Answer
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 109 replies
  • Answers 1 answer
  • Subscribers 72 subscribers
  • Views 64030 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

XG Firewall v18 MR-3: Feedback and experiences

twister5800

Hi all,

Shall we start this new thread with the looks and feels of XG v18 MR-3?

community.sophos.com/.../xg-firewall-v18-mr3



This thread was automatically locked due to age.
Parents Reply Children
  • 0 in reply to rfcat_vk

    Ian, do you have a Jira ID I can reference so I can take a look at status?

  • 0 in reply to PMStuart

    Hi,

    sorry, I am a home user and not able to create reports except in these forums. The security setting seems to fail after about 30 minutes.

    An update, it only appear to affect the iPAD, I haven't tried the iPhones yet.

    Ian

  • 0 in reply to rfcat_vk

    Hi PMStuart,

    Being of an experimental person by nature this morning I setup a SSL/TLS rule setup specifically for the iPAD, total failure, the only the applications that worked (one) facebook because there are exceptions for it. Everything else timed out including this site. The logviewer shows the connections all succeeding.

    Further, the mac mini mail failed two connections to one ISP and timed out. As soon as the iMAPs is removed from scanning the connections restore.

    Ian

  • 0 in reply to rfcat_vk

    Hi All,

    good start as well,

    1. had a customer who has been having issues with Client IPSec VPNs disconnecting throughout the day, no longer happening since upgrade!

    2. My home unit now reacts better and is a lot smoother as well.

    the only bad point is that another customer is still having issues with a S2S IKE v2 VPN disconnecting throughout the day, even after upgrade, and when there is no traffic on the connection.

    Between the XG210 and a Draytek 2862 - both on latest firmware - if anyone has any ideas I would love to hear them (as I have now resorted to using support, which could be months before it is even looked at)

  • 0 in reply to Argo

    Hi Argo,

    We would have checked this issue in the lab, but we dont have the Draytek box. Will it be possible to share the device for debug ?

  • 0 in reply to Argo

    I have a number of site to site VPNs with Draytek 2862's that have been rock solid.

    if you can post your Draytek settings, I'll compare them to mine.

  • 0 in reply to Argo

    Hi Argo - Are you still facing the problem ? If yes, as I have mentioned before, we dont have the Draytek device, would you mind sharing the setup to go through the config ?

  • 0 in reply to Giridhar Katti

    Hi All, here is the config which is set. The UTM is not problem at all but the XG just will not stay pinned up.

    here is the Draytek 2862 config, I have tried both IKEv1 and IKEv2 both have the same problem.

    also the IKE phase 2 key lifetime is set at 28800 as support asked me to change it

    Here is the XG v18 MR3 policy

    support are looking at it, but there is not much in the way of a fix only one comment, and trying to wait for them to get back is becoming tedious.

    any help appreciated.

  • 0 in reply to Argo

    Hi Argo

    Most of your settings are the same as mine, with the exception of some of the timeout values.

    The main difference I can see is in your IPSec policy - Dead Peer Detection. If I understand correctly, with no traffic, this will cause your VPN to disconnect. Maybe try disabling and see if that resolves your problem.

    BTW, I feel your pain with Sophos Support - I can't get Radius authentication to work across my VPNs since replacing a Sonicwall with an XG. Response from support has been appalling!

  • 0 in reply to Mister Boo

    I will try this, although would the disconnect happen after 8 hours or the time on the DPD?