When you have an IPSec site-to-site tunnel established and have periodic traffic drops, even though the tunnel stays up, ping is fine as well as various other small packet services.
The above problem is due to the remote network having trouble supporting a large MSS value.
The following sections are covered:
Applies to the following Sophos products and versions
Sophos Firewall XG Software
The steps required for a workaround until the problem on the remote side is addressed, can only be applied by support. Support will first confirm if you are having the problem related to this article and give the IPSec configuration a quick overview.
Please log a support case and reference this article.
If you’ve spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article.
This is invaluable to us to ensure that we continually strive to give our customers the best information possible.