
Strange issue with MS Always-on-VPN

I've recently moved to Sophos XG (SFOS 19.5.0 GA-Build197) and I've got an odd issue with Always-on-VPN.

My work machine (Windows 10 20H2) uses this to connect to the office, but it has stopped working (it was working initially after the move from UTM).

Whether I use wired or wireless, my machine will not connect. The error suggests that fragmentation is the issue, but I don't think that's it.

I have tried using two separate phones to hotspot the laptop and it connects without any issues. If I then insert the ethernet cable the WiFi automatically shuts down but connectivity is unbroken. I can switch back and forth from wired to hotspot with no problem, but I cannot initiate the connection while connected behind the XG firewall.

I've looked at some Wireshark captures to try to get an inkling of what is happening, and it looks like two response packets are not getting back, but I don't know why.

Here's a working connection setup (mobile hotspot); blue is the remote endpoint:

And here's a failing connection setup (green local, blue remote):

You can see that early in the exchange on the working link (lines 9 & 10, combined in 11) there are two response packets from the remote endpoint, but these are never seen when connected through the XG. (I've captured this process several times.) So my laptop never sees the 'Responder Response' while behind the XG.

I've tried turning off SSL/TLS inspection and IPS, and I'm not using the proxy. It's as simple and basic as I can make it.

But, as I said, once the connection is established I can connect to the XG with no problems and the connection is solid.

Any ideas, please?



  • This is a system rule, you can't enable/disable ATP on the frontend!
    Enter the shell / device console and check your RAS server for fragmentation.

    Windows 2019 has fragmentation support enabled by default.

    Check Richard Hicks pages..

    Check your IKE_SA_INIT packets for fragmentation support; this can be found in the payload information.
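
The check suggested above, as an added example that is not part of this thread or of any Sophos or Microsoft tool: a small Python parser that walks the IKEv2 payload chain of an IKE_SA_INIT message and reports whether the IKEV2_FRAGMENTATION_SUPPORTED notify (type 16430, RFC 7383) is present. It assumes you have already extracted the UDP payload from a capture (on UDP/500 that is the whole payload; on UDP/4500 strip the 4-byte zero non-ESP marker first). The sample messages are constructed, not from a real capture. Because RFC 7383 only enables fragmentation when both the initiator's request and the responder's response carry the notify, the example also checks the pair, which is what tells you whether a responder that lacks support has left it out.

```python
"""Check IKE_SA_INIT messages for the IKEV2_FRAGMENTATION_SUPPORTED notify (RFC 7383).

Added example for this thread, not Sophos, Microsoft or Wireshark code.
Input is the UDP payload of an IKE packet: on UDP/500 that is the whole
datagram payload; on UDP/4500 strip the 4-byte zero non-ESP marker first.
"""
import struct

IKE_HEADER_LEN = 28
IKEV2_VERSION = 0x20
EXCH_IKE_SA_INIT = 34
FLAG_INITIATOR = 0x08
FLAG_RESPONSE = 0x20
PAYLOAD_NONE = 0
PAYLOAD_SA = 33
PAYLOAD_NONCE = 40
PAYLOAD_NOTIFY = 41
NOTIFY_NAT_DETECTION_SOURCE_IP = 16388
NOTIFY_FRAGMENTATION_SUPPORTED = 16430  # RFC 7383


def parse_ike_sa_init(data: bytes) -> dict:
    """Walk the payload chain and return header fields plus every notify type seen."""
    if len(data) < IKE_HEADER_LEN:
        raise ValueError("short IKE header")
    ispi, rspi, nxt, version, exch, flags, _msg_id, length = struct.unpack(
        "!QQBBBBII", data[:IKE_HEADER_LEN])
    if version >> 4 != 2:
        raise ValueError("not an IKEv2 message")
    if length != len(data):
        raise ValueError("IKE length field does not match datagram")
    notifies = []
    off, ptype = IKE_HEADER_LEN, nxt
    while ptype != PAYLOAD_NONE:
        # Generic payload header: next payload, critical bit, length incl. header.
        if off + 4 > len(data):
            raise ValueError("truncated payload header")
        nxt, _crit, plen = struct.unpack("!BBH", data[off:off + 4])
        if plen < 4 or off + plen > len(data):
            raise ValueError("bad payload length")
        if ptype == PAYLOAD_NOTIFY:
            if plen < 8:
                raise ValueError("short notify payload")
            _proto, _spi_size, ntype = struct.unpack("!BBH", data[off + 4:off + 8])
            notifies.append(ntype)
        off, ptype = off + plen, nxt
    return {
        "exchange": exch,
        "is_response": bool(flags & FLAG_RESPONSE),
        "initiator_spi": ispi,
        "responder_spi": rspi,
        "notifies": notifies,
        "fragmentation_supported": NOTIFY_FRAGMENTATION_SUPPORTED in notifies,
    }


def fragmentation_negotiated(request: bytes, response: bytes) -> bool:
    """RFC 7383: fragmentation is usable only if BOTH IKE_SA_INIT messages carry the notify."""
    req, resp = parse_ike_sa_init(request), parse_ike_sa_init(response)
    if req["exchange"] != EXCH_IKE_SA_INIT or resp["exchange"] != EXCH_IKE_SA_INIT:
        return False
    return req["fragmentation_supported"] and resp["fragmentation_supported"]


def build_message(ispi: int, rspi: int, flags: int, payloads: list) -> bytes:
    """Assemble a constructed IKEv2 message, linking each payload's next-payload field."""
    body = b""
    for i, (ptype, pbody) in enumerate(payloads):
        nxt = payloads[i + 1][0] if i + 1 < len(payloads) else PAYLOAD_NONE
        body += struct.pack("!BBH", nxt, 0, 4 + len(pbody)) + pbody
    first = payloads[0][0] if payloads else PAYLOAD_NONE
    header = struct.pack("!QQBBBBII", ispi, rspi, first, IKEV2_VERSION,
                         EXCH_IKE_SA_INIT, flags, 0, IKE_HEADER_LEN + len(body))
    return header + body


def notify_body(ntype: int, data: bytes = b"") -> bytes:
    """Notify payload body: protocol ID 0, SPI size 0, message type, optional data."""
    return struct.pack("!BBH", 0, 0, ntype) + data


def sample_request() -> bytes:
    """Constructed initiator message that advertises fragmentation support."""
    return build_message(0x1122334455667788, 0, FLAG_INITIATOR, [
        (PAYLOAD_SA, b"\x00" * 16),  # placeholder bytes, not a real proposal
        (PAYLOAD_NONCE, bytes(range(32))),
        (PAYLOAD_NOTIFY, notify_body(NOTIFY_NAT_DETECTION_SOURCE_IP, b"\x00" * 20)),
        (PAYLOAD_NOTIFY, notify_body(NOTIFY_FRAGMENTATION_SUPPORTED)),
    ])


def sample_response_without_fragmentation() -> bytes:
    """Constructed responder message from a server that does not support RFC 7383."""
    return build_message(0x1122334455667788, 0x99AABBCCDDEEFF00, FLAG_RESPONSE, [
        (PAYLOAD_SA, b"\x00" * 16),
        (PAYLOAD_NONCE, bytes(range(32))),
        (PAYLOAD_NOTIFY, notify_body(NOTIFY_NAT_DETECTION_SOURCE_IP, b"\x00" * 20)),
    ])


if __name__ == "__main__":
    req, resp = sample_request(), sample_response_without_fragmentation()
    print("initiator offers fragmentation:", parse_ike_sa_init(req)["fragmentation_supported"])
    print("responder offers fragmentation:", parse_ike_sa_init(resp)["fragmentation_supported"])
    print("fragmentation negotiated:", fragmentation_negotiated(req, resp))
```

Feed it the bytes of the real request and response from your capture instead of the constructed samples; if the responder side comes back without the notify, the IKEv2 fragmentation path is not in play at all, and a large IKE_AUTH message will still rely on IP-level fragmentation surviving the path.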

  • Sorry, for some reason I didn't see your whole response the first time.

    I did look at Richard's article (amongst several others), but the endpoint is 2012R2, due for upgrade, and Richard's article says IKEv2 fragmentation is only supported from Server 1803 and above.

    ATP is disabled but I'll have a look at that Bypass article.

    Thanks.

  • Check this article and verify for any dropped packets at XG

    https://support.sophos.com/support/s/article/KB-000036858?language=en_US

    I find this method easier than using the log viewer...

  • The bypass had no apparent effect, I'm afraid.

    And the packet capture showed no dropped packets from the remote endpoint. Which suggests to me that the problem is outside my control and down to some change out on the network. Which would explain why it was working and then stopped working for no apparent reason.

    I don't know if it's worth contacting my broadband supplier or not. Generally I don't find the support staff particularly knowledgeable about the finer details of networking (and I don't count myself in that number either, but I think I have an edge here) but they should be able to pass on a message.

    Thanks for helping to identify the issue.