Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 4 subscribers
  • Views 614 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

UTM 9.705 - Since January, 20 2021 I have issues with outgoing VPN connections

TheExpert

Hi all,

I'm using Sophos UTM 9.705 Home Edition. Since January, 20 2021 I have issues with outgoing VPN connections. The IPsec VPN connection to my work place is very unstable. I can see that since this date there are a lot of invalid packet messages for port UDP 4500. See the Splunk log line:

Jan 20 08:31:43 192.168.0.254 2021:01:20-08:31:43 moessner-1 ulogd[61016]: id="2004" severity="info" sys="SecureNet" sub="packetfilter" name="Invalid packet" action="invalid packet" fwrule="60007" initf="eth0" outitf="eth1" srcmac="---" dstmac="---" srcip="---" dstip="---" proto="17" length="140" tos="0x00" prec="0x00" ttl="127" srcport="4500" dstport="4500"

I don't know why the UTM is saying that these are invalid packets. I had some issues last year and had to add the ip address of the company's firewall gateway to the IPS exceptions (UDP flooding for incoming and outgoing connections).

What changed on January, 20 2021? Is this caused by an pattern update of the UTM?

Kind Regards.



This thread was automatically locked due to age.
  • 0

    Hi all,

    it may be useful to know, that the IPsec VPN client is FortiCllient VPN 6.4.1.1519.

    Kind Regards

    TheExpert

  • 0

    Hi all,

    I updated the VPN client software, FortiClient VPN, to version 6.4.2.1580. But this doesn't solve the issue. But for some reason I can see that the same VPN tunnel is working from another client system without these issues.

    Kind Regards

    TheExpert

  • 0 in reply to TheExpert

    Hallo,

    Is the second device also behind the UTM?  Does it also use the same client?  What device is the VPN endpoint in the office?  Is there a reason you don't use the UTM's site-to-site IPsec?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Unfiltered HTML