Outgoing VPN connections constantly disconnect when used through our XG Firewall

Never got a good reply so posting again.  This is mostly a copy of https://community.sophos.com/xg-firewall/f/discussions/122785/other-vendor-vpn-s-constantly-disconnect-when-used-through-a-xg-firewall (posted 6 months ago and now locked due to inactivity) and another user had the same issue also over 3 years ago with no replies (https://community.sophos.com/products/xg-firewall/f/network-and-routing/86386/vpns-keep-disconnecting#pi2147=2).  It also seems to be the same as https://community.sophos.com/utm-firewall/f/general-discussion/120726/outgoing-ssl-vpn-connection-dropping and in that case it seems Sophos support blamed the other vendor (which CANNOT be the answer).  That one is also now locked although I'm glad I'm not the only one having this issue.

We have an XG 310 firewall with a 500/500 fiber line.  We have had an ongoing issue where other vendor VPNs sometimes will drop randomly.  This is from clients inside the network going to outside VPNs, this is NOT VPN into the XG (which works fine).  This is affecting almost every other VPN client we have used.  It seems to affect connections using the standard built-in Windows VPN the most, the Cisco AnyConnect client, SonicWall VPN, and others are also affected but not as badly.  The only one we haven't had any issues with is the Fortinet client...it seems pretty stable.  But all the others will just disconnect randomly.  It could work fine for 5 minutes or an hour.  There seems to be no rhyme or reason to it.  But it has been constantly disconnecting them for over a year.  The only solution when it happens is to reconnect or sometimes in the case of the Windows built-in VPN disconnect and then reconnect.  After reconnecting it will work fine again for a random amount of time.

If we bypass the XG and hook up directly to our ISP provided router we have no issues with stability.  If we use the same VPN clients from our cell phone hot spots it's also stable.  If we use the same VPN clients from our home internet it's fine.  But routed through the XG we get random disconnects.  So it seems to be something the XG is doing.  This has been happening with all of firmware 17.*.  Since I originally posted this 6 months ago we have upgraded our hardware to an XG310 Rev 2 which is running 18.0.4 MR 4 but the exact same thing keeps happening.

Has anyone else seen this issue or have any ideas on where to even start troubleshooting?  We support multiple customers by VPN'ing into their networks and it's a hassle to switch over to hot spots on cell phones to do so.



  • Hello AllanD,

    Thank you for contacting the Sophos Community.

    As suggested by rfcat_vk, please open a case with support and share the Case ID.

    If the XG is in the middle of the connection for those tunnels, and you have your own IPsec tunnels created in Sophos, make note of this in the ticket, and also run this command from the console to rule out any possibility that one of the IPsec or Sophos Connect tunnels might be interfering with the other tunnels:

    Console > set vpn conn-remove-tunnel-up disable

    Try running a tcpdump on the XG with the IP of the computer creating the connection and the destination, and save it as a pcap so it can provide some clues:

    # nohup tcpdump -envi any host x.x.x.x and host x.x.x.x and port 500 -C 100 -W 10 -w /var/storage/caputure.pcap -s0 &

    (The W is the number of files, the C will be the size of the file)

    Try running the command first without the nohup, the & and basically everything after the -C. Once you see there’s traffic flooding the screen with the IP of the computer and the other end of the tunnel IP, then run the command with nohup and don't forget to add the & at the very end.


    Once you see the issue happen, you can stop the capture by typing

    # fg

    And then press Ctrl + C on your keyboard.

    Regards,
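
Added example, not part of the reply above and not Sophos tooling: once a capture like the one described has been saved, this Python script lists every silence longer than a threshold and which host sent the last packet before it, a first clue as to which side stopped answering. The sample capture, its documentation-range IPs and the function names are constructed for illustration; it assumes tcpdump's classic pcap output with an Ethernet or Linux cooked link header.

```python
import socket
import struct

# pcap magic bytes -> (byte order, divisor for the sub-second timestamp field)
MAGICS = {b"\xd4\xc3\xb2\xa1": ("<", 1e6), b"\x4d\x3c\xb2\xa1": ("<", 1e9),
          b"\xa1\xb2\xc3\xd4": (">", 1e6), b"\xa1\xb2\x3c\x4d": (">", 1e9)}
# Link-layer header length by pcap linktype: Ethernet, Linux cooked v1 and v2
# ("-i any" captures carry a cooked header instead of Ethernet).
L2_LEN = {1: 14, 113: 16, 276: 20}

def read_packets(pcap):
    """Yield (timestamp, src_ip, dst_ip) for each IPv4 packet in a classic pcap."""
    if pcap[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    end, frac = MAGICS[pcap[:4]]
    skip = L2_LEN[struct.unpack(end + "I", pcap[20:24])[0]]
    pos = 24  # first record follows the 24-byte global header
    while pos + 16 <= len(pcap):
        sec, sub, caplen, _ = struct.unpack(end + "IIII", pcap[pos:pos + 16])
        ip = pcap[pos + 16 + skip:pos + 16 + caplen]
        pos += 16 + caplen
        if len(ip) >= 20 and ip[0] >> 4 == 4:
            yield sec + sub / frac, socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])

def find_gaps(pcap, min_gap=30.0):
    """Return (gap_start, gap_seconds, last_sender) for each silence >= min_gap."""
    gaps, prev = [], None
    for ts, src, _dst in read_packets(pcap):
        if prev and ts - prev[0] >= min_gap:
            gaps.append((prev[0], ts - prev[0], prev[1]))
        prev = (ts, src)
    return gaps

def build_sample():
    """Constructed capture: cooked-header packets between two documentation IPs."""
    client, peer = "192.0.2.10", "198.51.100.7"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 113)
    for ts, src, dst in [(100, client, peer), (101, peer, client),
                         (110, client, peer), (200, client, peer)]:
        ip = bytes([0x45]) + bytes(11) + socket.inet_aton(src) + socket.inet_aton(dst)
        frame = bytes(16) + ip  # zeroed cooked header, minimal IPv4 header
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for start, length, sender in find_gaps(build_sample()):
        print(f"silence of {length:.0f}s after t={start:.0f}, last packet from {sender}")
```

For a real capture, read each saved file with `open(path, "rb").read()` and pass the bytes to `find_gaps`, choosing `min_gap` longer than the tunnel's normal keepalive interval.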
