Sophos XG with Sophos UTM downstream for Mail Hygiene

Looking for some advice on how to configure both Sophos XG and Sophos UTM for my Home Lab


Currently, I run Sophos UTM for everything, but I want to replace it with Sophos XG

The biggest problem at the moment is that XG doesn't handle Mail in the same way as the UTM - specifically POP3 Prefetch - so I can't switch the UTM off without an impact 


Is it possible to configure the XG so that its my main Firewall (Proxy, NAT, WAF, etc...) but then send all mail requests via the UTM ?


  • Hi,

    the XG scans POP3/S so where are you having configuration issues with the XG mail? If you are using an Apple device then yes, there are scanning issues, but if you are using MS devices I am not aware of any issues.


  • In reply to rfcat_vk:

    Yeah its more the lack of the pop3 prefetch facility thats in the UTM where it can scan a remote POP3 mailbox for  different users & email domains

    As far as I can see, XG doesn't have this facility, and I need to modify MX records, which is a bit awkward for a home ISP...

  • In reply to Gatt:

    Assuming you are using private IP addressing between the XG and the UTM, you would setup two rules on the UTM, one to pass all but POP3 and the other to scan POP3 which from memory is actually a proxy you enable.

    The XG would have the NAT rules and other firewall ctivities.


  • In reply to Gatt:


    If the XG is the edge device, create a rule for pop3 traffic coming from utm IP address.

    For the rest use XG.