TLS engine error: FLOW_TIMEOUT through IPSec Remote Access Tunnel

Hello community,

we are facing a strange behavior since we've updated our XGS4500 to SFOS 19.5.0 GA-Build197. Some websites are not fully accessible through the IPSec Remote Access Tunnel (via Sophos Connect Client).

The first line of the above SSL/TLS inspection log shows the error while accessing a website from github.com through the tunnel.

The second line shows a successful access of the same website from an internal client.

Both traffic flows pass the same rules.

When the traffic goes through the tunnel, it looks like the TLS-specific information gets lost.

Firewall acceleration is enabled and loaded, and IPsec acceleration is turned on.

This behavior is browser independent. We've tried the same versions of Google Chrome and Microsoft Edge on both devices in normal and incognito mode.

I am grateful for any idea that solves the problem.

Best regards

Markus

  • Go to the Logviewer, take this IP address (Dst) and search for it as a string. Then move to detailed view in Logviewer.

    Check if there are other modules blocking this. 


  • Thanks for your quick answer. But there are no other lines indicating a block by another module. I've checked the ATP, application, firewall, IPS, malware, web content and web filter logs. That would be even stranger, since both clients run through the same rules and policies.

    We can work around this by using the default "maximum compatibility" decryption profile. But this is not our goal. We want to use the same "strict compliance" decryption profile for the remote workers, as it works perfectly for all internal clients.