Where can I find the list of known issues with Sophos XG Firewall v17 GA?
Hey lukg
Here's the link to our "Known Issues List for Sophos Products".
This list is maintained and updated frequently, so keep an eye out for any new reported issues.
Regards,
FloSupport | Sophos Community Engineer
Which type of IPsec profiles are you using? I am using the deprecated ones with the existing setup from previous versions and it hasn't caused much issue yet.
However, I have been facing issues when using different preshared keys for tunnels when I allow all networks, even when specifying ID. V16.05 MR8 and above.
When contacting support I didn't have the ID setup and was told if I did the issue won't persist.
What happened is that when establishing a tunnel, then configuring the next one and bringing it up, somehow the password replicates to all the tunnels, and then after some time, when the session times out and tries to reconnect, a password mismatch error comes up.
Replied to support regarding the matter and no reply. So I decided to use one password for all tunnels.
Working like a charm ever since.
Perhaps it's technically not feasible or it's a bug, I honestly don't know.
I am running the latest version and my client is experiencing strange behavior that I can only confirm when I see with my own eyes to mention. Thankfully the environment is back to being operational.
Unfortunately I am preoccupied trying to redeploy a RED appliance in transparent mode with static uplinks and establishing an IPsec VPN tunnel from Cyberoam as HO and Sophos XG as branch, and it is giving me a hard time regardless of the version.
I realized they released a new RED firmware twice in the past two weeks. Checked after the first one and it's still persisting. Waiting for work hours to finish so as to test that again, as it was causing other issues for other RED appliances when deployed.
Let's hope this new release is not the beginning of another nightmare. So far users are not complaining. I am somewhat happy because I am not getting phone calls from higher management so far.
Currently we have one tunnel to an XG running 16.5. I migrated the other one that goes to a UTM to RED while we were still on 16.5, but that has been somewhat unstable of late. Both are intercontinental links.
We use the certificates rather than passwords and at the moment are using IKEv1 as we are interversional.
The only thing I changed since upgrading the core to 17 is to enable SHA256 as we had to use SHA1 when we had 16.5 at each end (for an earlier version than we are on now).
We have some new XGs that arrived at the UTM site in the last week so we are going to retry RED there.