AWS VPN Automatically Create IPS Exception
We recently migrated our AWS VPNs from their 'Classic' to their 'New' style. We had major issues with this (and not a lot of documentation from either Sophos or AWS on what the issue could be).
After having 4 Sophos engineers look into the problem, it turns out that the new AWS VPN uses NAT-T, which was being caught by the UDP flood protection, as it's between two 169.x.x.x IPs at either end of the tunnel.
Since importing an AWS VPN config is supposed to be largely 'hands off', creating all the BGP and VPN settings in the background, it would also be good if it could automatically create a NAT-T exception in UDP flood protection.
I believe this will help avoid a future headache for someone else who's following the Sophos documentation to 'just load the config file and import it, job done'.