
XG230 drops off FM

Hi,

It's probably overkill, but I have 2 XG230s. One at one site, one at another.

The XG that is in the same site as the FM connects, and stays connected. 

The one in the remote site says all the tests are fine for authentication etc., but then after a few minutes reports as disconnected.

I currently have FM so it is not public facing, and the remote XG reports in over the IPSec site-to-site VPN.

I know the VPN is solid as I have pings running continuously and it's as solid as a rock.

Should I have the FM publicly accessible, and refer to the XGs publicly, or should I be able to keep it all 'inside' our network?

Thanks,



  • Hi Antonio,

    Are you able to ping the SFM local interface IP from the XG device's local interface through the VPN tunnel?

    Please check Log viewer > System > Central Management logs. Please check whether the XG device is sending the HB packets to SFM or not.

    Ravi

  • Ping works as follows:

    Location A PC - Location B PC #Ping working fine#

    Location B PC - Location A PC #Ping working fine#

     

    Location A Firewall - Location B Firewall #Ping not working#

    Location B Firewall - Location A Firewall #Ping not working#

     

    Any idea how to resolve this issue? 

  • Hi Antonio,

    I suspect a connectivity issue between XG and SFM through the tunnel.

    Please check Log viewer > System > Central Management logs. Please check whether the XG device is sending the HB packets to SFM or not.

    Heartbeat: SF devices send a periodic heartbeat every 1 min with the appliance key and set the Sync Flag in SFM/CFM and SF for sync state.

    If it is not working through the IPSec site-to-site tunnel, then please create an SSL VPN site-to-site tunnel between XG and SFM and check the status of the issue.

    Ravi

  • Hi, yes, you are correct, there is an error message.

    Is there anything that we can do other than the SSL VPN?

    Because the site-to-site IPSec tunnel is working perfectly. We can even ping end to end.

    The only thing is that we can ping from the Sophos firewall to the other location.

    Does any rule need to be configured?

  • Hi Antonio,

    The rule is already created; because of that, ping is working from local PC to remote PC and vice versa.

    Try to initiate an interface-based ping from the XG console to SFM (where the interface should be the IPSec local network interface).

    Please provide me the topology details with an IP diagram.

    Ravi

  • Yes, ping is working from PC to PC. It is only from the firewall that I can't ping anywhere. Is this a bug in the XG firewall?

    Below is how the network is with the XG firewall and the SFM. Sorry, I didn't have Visio installed so I got it done in Excel.

  • Hi Antonio,

    Only from the firewall that I can't ping anywhere. Is this a bug in the XG firewall?

    --> No, it is not a bug.

    I suggest you contact Sophos Support.

    Ravi