Sophos XG 210 Site to Site VPN and Client VPN

Hello Sophos community,

My name is Bernd Bauer and I'm a Sophos XG newbie.

Last weekend we equipped one of our customers with 5 Sophos XG Firewalls.

1 HeadOffice XG210 and 5 BranchOffices with XG105

I installed the latest firmware on the head office firewall SFOS 15.01.0 MR-2.

At the moment I'm very frustrated because we have only trouble with the new XG firewalls.

1. problem (Client VPN):

We set up AD authentication and SSL VPN remote access.

The VPN users can log in to the user portal but can't download the SSL VPN client.

If I click on download client and configuration, nothing happens.

Also, when clicking on download configuration, nothing happens.

I tried it with Mozilla Firefox, Internet Explorer and Google Chrome, also on different PCs: same issue.

Did someone have the same troubles?

2. problem (site to site vpn):

The site-to-site VPN to the branch offices works fine, but they are unstable.

I mean my head office firewall shows me everything green, connection established, but I can't ping my server on the other site.

So I have to deactivate the site-to-site tunnel for this branch office and reactivate it.

After this process I can ping my devices in the branch offices again.

These are my biggest problems currently.

I would be glad for tips and suggestions.

Best regards

Bernd



  • Hi Bernd,

    Thanks for choosing Sophos.

    We do not have any instance where anyone is not able to download the SSL VPN client. Can you check this from a remote location, accessing the User portal on the Public IP through another system?

    And is the ping issue over IPSec intermittent? Does a manual restart of the IPSec tunnel resolve the issue?

    Please provide us with more information on this matter to investigate further.

    I suggest you monitor the drop-packet-capture logs on the XG when this issue is active.

    Follow the steps mentioned below to capture drop-packets of a specific IP address.

    1.  Logon to the CLI Console (Telnet/SSH)
    2.  Select Option 4 - System Console
    3.  To capture drop-packets for specific IP Address, execute the following command:

         console> drop-packet-capture 'host 10.0.0.1 and proto ICMP'

    This will give you a brief idea where the traffic could be dropping.

    Hope that helps :)

    Thanks

    Sachin Gurung

  • Hi Sachin,

    I just tried accessing the user portal with my notebook via the public IP and the download didn't work.

    I could try to boot the old firmware MR1 and download the client.

    Do you know what happens with my config when I boot the old firmware?

    I'm now updating all branch office firewall firmwares to the latest firmware HW-SFOS_15.01.0_MR-2.SF210-418.

    So I will keep you up to date if this fixes my site-to-site VPN problem.

    Thanks for your help
