Register Now

Login

Lost Password

Lost your password? Please enter your email address. You will receive a link and will create a new password via email.

Sophos Connect Performance Issues in XG firewall

Sophos Connect RDP connections are freezing out and disconnecting

Here in this article we will discuss how to troubleshoot RDP disconnection issue while is sophos connect as a VPN client.

Troubleshooting:

First make sure you have configured sophos connect client properly, you can use the following article for the same:

Sophos Connect Client Configuration

If sophos connect client traffic is dropping out, that could be of different reasons. Here in this article i will list out some troubleshooting methods where you need to focus on.

Method-1:

If you are initiating any RDP traffic through sophos connect client it will generate huge traffic. So sophos firewall might treat this traffic as DOS attack and might block the traffic. To confirm this issue, login to sophos XG firewall GUI and click on Intrusion Prevention tab and check if there are any dropped packets under TCP flood section.

Traffic dropped
Flood

In case if you enabled TCP flood or UDP flood protection under “DOS and Spoof Prevention” tab try to connect sophos connect client again and check if there is an increase in dropped packets in the above image. If there is any increase in dropped packets, you need to create DOS bypass rule.

To create DOS bypass rule, click on DOS and spoof prevention tab, click on add “DOS bypass rule

DOS bypass rule
DOS bypass rule

Suppose if i want to create DOS bypass rule for RDP traffic i need to create bypass rule as shown in below image:

DOS bypass rule TCP
RDP-TCP

In case if RDP is using UDP protocol, we need to create DOS bypass rule as shown in below image:

DOS bypass rule UDP
RDP-uDP

Here in the above tabs, “*” represents any. Once you create the DOS bypass rule for specific traffic, traffic will no longer be treated as DOS attack. Hence the issue might be rectified.

Method-2:

Click on VPN >> IPsec Remote Access tab an check the configured IDLE settings in the sophos connect client configuration.

IDLE settings
IDLE settings

In case if you enable this setting, and if sophos connect client tunnel is IDLE for more than mentioned timing, then sophos connect client tunnel will be disconnected. So its normal design. When troubleshooting disconnect issues, you can try to disable this setting and check if tunnel is working fine.

In case if tunnel is working without issues after disabling IDLE settings, try to increase the “IDLE session time interval” which will help you to solve the issue.

Method-3:

Normally if IPSEC tunnel is fluctuating, all connections existing connections through sophos XG will be flushed. To avoid that scenario, login to sophos XG firewall CLI and enter “Device Console” tab.

SSH
Device Console

Enter this command “set vpn conn-remove-tunnel-up disable

VPN tunne
VPN tunnel disable

You can use this article to login to SSH of the firewall:

SSH

All these above methods will be useful to increase the performance of sophos connect client.

Hope this article helps you.