Sophos Connect RDP connections are freezing out and disconnecting
Here in this article we will discuss how to troubleshoot RDP disconnection issue while is sophos connect as a VPN client.
First make sure you have configured sophos connect client properly, you can use the following article for the same:
If sophos connect client traffic is dropping out, that could be of different reasons. Here in this article i will list out some troubleshooting methods where you need to focus on.
If you are initiating any RDP traffic through sophos connect client it will generate huge traffic. So sophos firewall might treat this traffic as DOS attack and might block the traffic. To confirm this issue, login to sophos XG firewall GUI and click on Intrusion Prevention tab and check if there are any dropped packets under TCP flood section.
In case if you enabled TCP flood or UDP flood protection under “DOS and Spoof Prevention” tab try to connect sophos connect client again and check if there is an increase in dropped packets in the above image. If there is any increase in dropped packets, you need to create DOS bypass rule.
To create DOS bypass rule, click on DOS and spoof prevention tab, click on add “DOS bypass rule“
Suppose if i want to create DOS bypass rule for RDP traffic i need to create bypass rule as shown in below image:
In case if RDP is using UDP protocol, we need to create DOS bypass rule as shown in below image:
Here in the above tabs, “*” represents any. Once you create the DOS bypass rule for specific traffic, traffic will no longer be treated as DOS attack. Hence the issue might be rectified.
Click on VPN >> IPsec Remote Access tab an check the configured IDLE settings in the sophos connect client configuration.
In case if you enable this setting, and if sophos connect client tunnel is IDLE for more than mentioned timing, then sophos connect client tunnel will be disconnected. So its normal design. When troubleshooting disconnect issues, you can try to disable this setting and check if tunnel is working fine.
In case if tunnel is working without issues after disabling IDLE settings, try to increase the “IDLE session time interval” which will help you to solve the issue.
Normally if IPSEC tunnel is fluctuating, all connections existing connections through sophos XG will be flushed. To avoid that scenario, login to sophos XG firewall CLI and enter “Device Console” tab.
Enter this command “set vpn conn-remove-tunnel-up disable“
You can use this article to login to SSH of the firewall:
All these above methods will be useful to increase the performance of sophos connect client.
Hope this article helps you.