Guest User!

You are not Sophos Staff.

Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 6 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 2840 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Outgoing VPN connections constantly disconnect when used through our XG Firewall

AllanD

Never got a good reply so posting again.  This is mostly a copy of https://community.sophos.com/xg-firewall/f/discussions/122785/other-vendor-vpn-s-constantly-disconnect-when-used-through-a-xg-firewall (posted 6 months ago and now locked due to inactivity) and another user had the same issue also over 3 years ago with no replies (https://community.sophos.com/products/xg-firewall/f/network-and-routing/86386/vpns-keep-disconnecting#pi2147=2).  It's also seems to be the same as https://community.sophos.com/utm-firewall/f/general-discussion/120726/outgoing-ssl-vpn-connection-dropping and in that case it seems Sophos support blamed the other vendor (which CANNOT be the answer).  That one is also now locked although I'm glad I'm not the only one having this issue.

We have a XG 310 firewall with a 500/500 fiber line.  We have had a ongoing issue where other vendor VPN's sometimes will drop randomly.  This is from clients inside the network going to outside VPN's, this is NOT VPN into the XG (which works fine).  This is affecting almost every other VPN client we have used.  It seems to affect connections using the standard built in Windows VPN the most, the Cisco AnyConnect client, SonicWall VPN, and others are also affect but not as badly.  The only one we haven't had any issues with is the FortiNet client...it seems pretty stable.  But all the others will just disconnect randomly.  It could work fine for 5 minutes or a hour.  There seems to be no rhyme or reason to it.  But it has been constantly disconnecting them for over a year.  The only solution when it happens is to reconnect or sometimes in the case of the Windows built-in VPN disconnect and then reconnect.  After reconnecting it will work fine again for a random amount of time.

 

If we bypass the XG and hook up directly to our ISP provided router we have no issues with stability.  If we use the same VPN clients from our cell phone hot spots its also stable.  If we use the same VPN clients from our home internet it's fine.  But routed through the XG we get random disconnects.  So it seems to be something the XG is doing.  This has been happening with all of firmware 17.*.  Since I originally posted this 6 months ago we have upgraded our hardware to a XG310 Rev 2 which is running 18.0.4 MR 4 but the exact same thing keeps happening. 

Has anyone else seen this issue or have any ideas on where to even start troubleshooting?  We support multiple customers by VPN'ing into their networks and it's a hassle to switch over to hot spots on cell phones to do so.



This thread was automatically locked due to age.
  • 0

    - Did you ever get anywhere on this issue?  Yours was through a UTM, mine is through a XG, but the issue is identical.

  • 0 in reply to AllanD

    Hi,

    please raise a support case.

    Ian

  • 0 in reply to rfcat_vk

    The last person that did was told it was the other vendor.  I will but I know without a doubt it's the XG since we do not have the same issue on literally any other connection, only when traversing the XG.  I was really hoping someone else on here has a idea before I contact support.

  • 0 in reply to AllanD

    Why I asked for  a support case is hopefully one of the Sophos Forum support engineers will pick up the issue and escalate it.

    Ian

  • 0

    Hello AllanD,

    Thank you for contacting the Sophos Community.

    As suggested by rfcat_vk, please open a case with support and share the Case ID.

    If the XG is in the middle of the connection for those tunnels, and you have your own IPsec tunnels created in Sophos, make note of this in the ticket, and also run this command from the console to rule out any possibility that one of the IPsec, Sophos Connect might be interfering with the other tunnels 

    Console > set vpn conn-remove-tunnel-up disable

    Try running a TCPdump on the XG with the IP of the Computer creating the connection and the destination save it as a pcap so it can provide some clues 

    # Nohup tcpdump -envi any host x.x.x.x and host x.x.x. and port 500  -C 100 -W 10 -w /var/storage/caputure.pcap -s0 &

    (The W is the number of Files, the C will be the size of the File)

    Try running the command first without the nohup,the & and basically everything after the -C ,  once you see there’s traffic flooding the screen with the IP of the Computer and the other end of the tunnel IP, then run the command with nohup and don't forget to add the & at the very end.


    Once you see the issue happens, you can stop the capture by typing

    # fg 

    And then press in your keyboard Ctrl + c 

    Regards,

  • 0 in reply to emmosophos

    I opened a support case and they had me try a couple things.  Doing that along with the set vpn conn-remove-tunnel-up disable command and will retest.  If they continue to fail I'll get some data logs.