Sophos SSL VPN Problems with Kaspersky/TrendMicro Anti-Virus

In the last weeks, my network team and I tried to solve a problem at one of my customers regarding SSL VPN problems. The customer keeps connected (green traffic light on) but lost the network connection to his servers several times. Only a manual vpn-reconnect could solve the problem. UTM logs and client-logs couldn’t help us solving this problem. We tested it with local and active directory users but the problem keeps the same. After testing the connection from our office, we keep pinging the servers while our client gets disconnects. We found out, that the problem only appears on his notebooks. Every device runs Kaspersky Anti-Virus. I found an activated protocol with the name „Kaspersky Anti-Virus NDIS Filter”. This filter is a network package interceptor:

kaspersky-ndis

We deactivated the filter on every notebook (but only in the TAP-adapter). After several days of testing, no disconnect appears any more. Some other anti-virus vendors are also providing such package interceptors. I hope that my solution also helps you!

 

/edit: A four month old support ticket has also been solved with deactivating NDIS in the TAP-Adapter of Sophos SSL VPN. This time, the clients are using TrendMicro Office Scan.

3 thoughts on “Sophos SSL VPN Problems with Kaspersky/TrendMicro Anti-Virus”

  1. Hi michel ;

    İ am murat

    sophos utm device without s we can make the connection between red.
    if we can, how we can proceed. can you give examples

    thanks

  2. Danke für diesen Hinweis! Ich habe das gleiche Problem somit eingrenzen können. Die Verbindung wird aufgebaut (Ampel grün), aber es findet kein Datentransfer statt.
    Deaktivieren der NDIS Filter im Adapter brachte den Erfolg.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.