Sophos XG - VPN Tunnel - SSL Connect - Broken Pipe

Question

Dear all, 
 i&acute;ve been struggling to get a Sophos XG up and running for some time. Most of the things do work now, there is only one thing i seem to be unable to solve, do you have some idea how to solve this: 
 a) ipsec site 2 site vpn tunnel to some remote location defined and established 
 b) http / https / rdp connects to this remote locations internal network are up and running 
 c) as soon as i try to open a ssh connection from remote location to local one or from local one to remote, the ssh client exits with a broken pipe error 
 d) if i shutdown the sophos and use the old kerio appliance instead, the ssh connection works immediately 
 e) if i use the sophos and open a separate vpn connect on the client to the target system, the ssh connection works as well, so i suppose it might be some filtering / rewriting issue on the sophos 
 what i don&acute;t understand: why is sophos inspecting / filtering the ssh vpn traffic even when the following settings are applied: 
 
 firewall is defined without any filtering / protection 
 intrusion prevention is off 
 advanced threat protection & security heartbeat are off

Tobias van der Plas · Answer

Solution: 
 the endpoint on the other side was the Problem (Kerio Control Firewall, Software Version 9.1.4) - in order to have stable ssh connects via vpn tunnel, the following settings need to be adjusted on Kerio: 
 Intrusion Prevention - severity levels -> low -> log, don&acute;t drop 
 Security Settings - Miscellaneous -> enable anti-spoofing needs to be deactivated.