Sophos XG Firewall - License activation unavailable (error XG-00151). See KB-000043485 for the latest updates.

Firewall rule does not work as expected


I'm really not new to the XG system, but right now I got no clue what's going on.
I defined a firewall rule (Test) in my 'exeptions' group. The rule ID is #2:

The destination is a FQDN-hostgroup "Origin" with several FQDN-hosts associated:

The "IP-collector" for the domain "" for example, works flawless and it collects all the associated IPs automatically:

But when I now start a origin game like "BFV" the "Test" rule (#2) will not be triggered like expected. Instead of the Test rule, the rule with ID6 is triggered:

As you can see, this is a rule I defined under the "Web-Filter" group. It's my HTTPS-scanning rule.

BTW: I use the DPI engine instead of proxy and already defined exeptions for the domains "" etc. destinations...

What I am doing wrong? Maybe it's really something simple I don't see right now... Confused

Thank you.

Added TAGs
[edited by: emmosophos at 6:57 PM (GMT -7) on 25 Oct 2021]
Parents Reply Children
  • Yes. I use two certificates. One for the SSL scanning itself and the "web admin certificate" for the user portal because i use the DPI engine and application control.
    In the past i could reproduce an error during the EAP phase for v18. When the connection got intermitted for scanning, i got an certificate error until i defined a web admin certificate with alternate name and then rolled it out on the client. Since then it works flawless.
    But i guess this a antoher story. Grin