Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Sophos XGS WAN Proxy


On our SG we were able to open the proxy to be used from WAN (of course using authentication)

On XGS this is not possible?

From an older entry here on the forum I can found a post like "open proxy from wan is risky and this is why WE dont allow it" ...

Yeah, maybe it is risky but we are the paying customer (well maybe not much longer...) and so I think it would be nice to let us decide.

Give a "warning - this option is not good and could lead to security risks" but at least give us the option - or is ther a way now?

Added TAGs
[edited by: Raphael Alganes at 2:15 PM (GMT -7) on 27 May 2024]
  • SFOS does not support Basic Authentication. So how would you, if you enable it, authenticate yourself in WAN? 

    What would be the idea here? 
    You could configure your WAN as a DMZ interface, then setup a Route to the GW of your WAN and run with this.
    But this will end up in an open Proxy for the world, as there is no real way to authenticate yourself. Most (if not all) Authentication methods on SFOS are build for using for a secure network. 


  • Hello,

    what is the use case? maybe a reverse proxy is what you want?

    Mit freundlichem Gruß, best regards from Germany,

    Philipp Rusch

    New Vision GmbH, Germany
    Sophos Silver-Partner

    If a post solves your question please use the 'Verify Answer' button.