Sophos Ideas / SG UTM

SG UTM

Suggest, discuss, and vote on new ideas for SG UTM. The ultimate network security package.

Suggest an Idea...

← SG UTM

Upgrade to modern version of StrongSWAN which uses charon instead of pluto

Astaro still uses StrongSWAN ipsec version 4.4.1 which is from 2010.
The latest build of ver 4 is 4.6.4 in mid 2012.

But with today's times.. they are up to version 5.0.4! Version 5 started in mid 2012 when they ditched the old Pluto package and updated Charon to handle both IKE 1 and 2.

For a router boasting support, I'd think that would be a priority to at least be on-par with the open source technology.

Then after you do this, you can update the GUI maybe also to handle exposing some of the ipsec.conf settings that it's hiding right now, or allow a "advanced users" section in the GUI to manually edit the ipsec.conf for each VPN uniquely.

428 votes
Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close

We’ll send you updates on this idea

c shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

58 comments

Sign in Sign in with Log in with your Sophos ID
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • Scott commented  ·   ·  Flag as inappropriate

    I am losing yet another client (2nd) to another vendor implementing a Cisco ASA for IKEv2 connection to Azure. They don't want to hear about XG, if the Sophos UTM won't do what they need they are migrating to Cisco.

  • frank commented  ·   ·  Flag as inappropriate

    Just opened a support ticket about this, and he replies saying they've "included it on a roadmap", and sends me to this 6-year old "feature request" thread. What a horrible way to treat your customers.

  • Patrick commented  ·   ·  Flag as inappropriate

    Vital so that site to site VPNs can stay running stably on more modern connections!

  • Kipland Iles commented  ·   ·  Flag as inappropriate

    No plans to migrate to XG as I like my SG's. I'm voting for this. Give me some IKEv2, please, so I can better connect (and stay connected) to Google Cloud.

  • Erroll Marchais commented  ·   ·  Flag as inappropriate

    Cannot connect resources accross an IkeV1 tunnel to Azure Apps (only Azure servers). This is a huge issue. Need a resolution to this ASAP!!! The is not an issue you realize you have until you have the issue and we can't just throw out the firewall. This is requiring us to route Azure VPN through a completely separate appliance. Shouldn't be forced to do this. XG is not as baked and doesn't have all the features I need so please don't say "just use SFOS"

  • Matthew commented  ·   ·  Flag as inappropriate

    I have to say this is ridiculous, a company like Sophos that is not new to the industry still using an ancient form of IKE with everything that is going to the cloud and site-2-site links becoming more popular.

    How hard could it be to add this functionality?

    Because of Sophos lack of caring about this we have a project we can not move forward with due to a provider using Sophos devices for managed router / devices for one clients location.

    Get with the time Sophos, I almost want to say your now of the last providers who does not support IKEv2 yet...

  • Mark M. commented  ·   ·  Flag as inappropriate

    Seriously, get to version 5.x. Having an L2TP server behind NAT is not working because of the older Strongswan version, and yet isn't a terribly complicated thing to ask for.

  • Greg Campion commented  ·   ·  Flag as inappropriate

    If this upgrade were made, modern android users would be able to use the L2TP VPN natively which would be wonderful!

  • Andre commented  ·   ·  Flag as inappropriate

    With no IKEv2 Support on our XG Firewalls we will change UTMs next year. Please implements it. UTM still a nice Firewall.

  • Adrien Belcourt commented  ·   ·  Flag as inappropriate

    IKE v2 support is critical to increasing numbers of customers and this feature request is required for implementing this.

    See "VPN: IKE V2 Support" feature request which if combined with this feature would make it the 4 highest voted for feature.

    Vote for both.

  • Eric commented  ·   ·  Flag as inappropriate

    This is a must have because the current version with active directory authentication (probably most users) is vulnerable to CVE-2015-8023!

  • c commented  ·   ·  Flag as inappropriate

    Astaro Sohpos UTM - The VPN router for the 90's.

  • Bob Alfson commented  ·   ·  Flag as inappropriate

    Two of my votes are here and I've none left. There was a rumor that this was planned for 9.4. It would be a shame if this were not true.

    Cheers - Bob

  • Peter Helfer commented  ·   ·  Flag as inappropriate

    Lack of this security standard we are currently not able to connect our customers to Azure dynamic routing gateway. So actually its a deal-breaker and we are really thinking to move away from Sophos due to this if it is not implemented shortly!

    Sophos is a great firewall! I do not understand why this security standard was not implemented a long time ago!

    Please make everything to get listed on the Azure compatibility list:
    https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpn-devices/

  • c commented  ·   ·  Flag as inappropriate

    Unless you want to spend the big bucks on those solutions or it makes sense for you, you can ask me for help on setting up your own router. It seems like a daunting task, but it's really not, it's just not well advertised. It then gives you the freedom to update components as often as you need, and manage the whole configuration in simple text files that you can store in some software revision like Git.

← Previous 1 3

SG UTM

Categories

Feedback and Knowledge Base

(thinking…)
icon-data-protection icon-endpoint-protection icon-phish-threat icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-central icon-sophos-mobile icon-sophos-utm icon-sophos-utm icon-sophos-utm icon-web-appliance icon-xg-firewall icon-xg-firewall icon-avid-secure icon-lightbulbCreated with Sketch.