  • Regarding 80 and 443 ports

    Dear sir, I have been using Sophos XG firewall (cyberoam NG cr100ing). I am facing a problem that my port 80 and 443 are opened for wan side, Our cyberfortress team is scanning the above said ports from wan side and telling this is vulnerability. plz…
  • Whitelist IP Address PCI Scan

    Hello, I am new to Sophos. We recently had a Sophos XG 125 installed on our small network at work. In order to stay PCI compliant, a scan is run every few months on our IP address. The IP source addresses are: 64.39.96.0/20 64.39.106.0/24…
  • Reflexive rule blocks WAN connection for the host mentioned in that rule

    Hi everyone, After using the DNAT assistant to enable access to my Synology from WAN ( https://community.sophos.com/xg-firewall/f/discussions/125700/synology-nas ), there are 3 NAT rules that have been created. The problem right now: My SynologyNAS…
  • External Websites showing user portal

    This morning we switched over to our Sophos XG Firewall. Professional services did a lot of the leg work for us in the main configuration and while it appears most things are working properly we did find a few things wrong after we got off the phone with…
  • XG and Dnats

    I am coming from the old UTM side and busy learning all the new XG stuff. One thing I have not found is if I am trying to build a new XG and obviously trying to build all the DNATs from the UTM side. It will load the DNATs and bind the appropriate…
  • external RDP access does not work - XG Firewall bridge mode

    I need to learn how to free external access to RDP. Before placing the Sophos Firewall on the bridge, my Mikrotik was solely responsible for releasing the RDP ports of each server of mine. Now I can't communicate externally with my servers, only locally…
  • Synology NAS

    Greetings, I guess it's a simple and commonly asked issue, but unfortunately the search function seems to be disabled/malfunctioning right now - despite trying different keywords. And some (video) guides that I found show some setups on old versions…
  • XG home edition, no access from LAN to DMZ

    Hello folks, I just provisioned an XG home... all is good but my internal plan subnet not able to reach dmz at all, appears to be a problem with NAT... possibly DNAT...a little lost here. Tried the v18 feature of dnat wizard but it asks for wan address…
  • cannot access web server from inside network (LAN)

    Hi, I am having a problem with my Sophos XG firewall v17.5. I am trying to access my public facing server from my LAN where the server is hosted, but I am getting timed out. When I try to access it outside my LAN, it works. I have tried turning…
  • Simple DNAT/Firewall rules not working

    I have tried the following scenario by building the DNAT rule and Firewall rule manually. And I have tried using the "assistant." Neither work. I would appreciate if someone could take a look at this scenario for me since the support portal is still down…
  • RED configuration for PCI DSS compliance v18 DNAT

    I have an XG135 running (SFOS 18.0.1 MR-1-Build396) and I am currently failing Security Metrics PCI scan for the following: I am trying to follow the KB Sophos has provided but in v18 DNAT and Firewalls are separated, and I can't seem to get everything…
  • Server access via IPv6 DNAT does not work

    Hello community, I am currently trying to make my network reachable from outside. Since I have a DS-Lite tunnel, I have to do this over IPv6. My ISP assigns me a dynamic IPv6 prefix. Since I have no function…
  • DNAT Settings multiple gateways

    Hi Everybody, I'm configuring some DNAT Rules for our Citrix Environment following this guide techbast.com/.../sophos-xg-v18-how-to-configure-dnat-with-load-balancing-on-sophos-xg-for-outside-client-can-connect-to-web-servers-on-firmware-version…
  • [WORKAROUND] XG18 - Loopback NAT not working

    I believe there are several threads on this without a solution. Chiming in here: I have a server in a DMZ VLAN exposing HTTPS over DNAT, including loopback and reflexive NAT rules. The XG18 firewall has an xxx.myfirewall.co dynamic DNS registration…
  • SilverShield SFTP behind XG

    Hi Guys I have a program called SilverShield which is SFTP program behind UTM and realized that it has DNAT set up on UTM. I am trying to set up DNAT on XG which has more options and tried a few it does not work. By looking at below screenshot, is…
  • DNAT rule for reaching a server from the Internet

    Hello everyone, I am getting a bit desperate. I simply cannot manage to make one of my servers reachable from the Internet. Using the DNAT assistant I created a rule: Internal server address: My server Public IP address…
  • Source and Destination port in reflexive rule

    If we checked reflexive rule in a DNAT rule. What will be source and destination of the reflexive rule. Let's say, we have a DNAT rule for HTTP and original port and translated port are same. So the source port range is 1:65535 and destination port…
  • DNAT rules for HTTPS with a custom port from wan

    Hi, I want to configure a DNAT rule where my user can access my server using the https with custom port 8000, but when I will try with this redirection Sophos is redirecting my query on the user portal. I tried to disable the user portal but no luck…
  • DNAT rule for Multiple Port and Protocol

    Hi, My customer requirement, he wants to use DNAT or web server protection for hosting IIS services. From the public network he wants to access a server using the Dydns with port no 8081 but if the user will try with HTTP (http://mydns.xxx.co:8081)…
  • Port Forward (DNAT) List of Ports to single host on 17.1.2

    Hi, I would like to port forward two non-adjacent ports to a single IP on the LAN. In previous firmware versions, it seems like there was a "Forward Type" dropdown box per KB article: https://community.sophos.com/kb/en-us/122976 . However with SFOS 17…
  • The differences between SNAT and DNAT

    Dear Wizards, I'm a newbie to Sophos XG Firewall, can I ask the differences between SNAT and DNAT? In which case which method should we use? For example: we have some Exchange mail servers, Web servers, ERP servers, SharedFile servers then we should…
  • DNAT does not work despite logged packets

    Hello, our Sophos UTM9 is having difficulties with a DNAT rule... Port 8086 of an uplink interface is to be forwarded to port 8086 on an internal server. The uplink interface is a PPPoE behind a ZyXel router/modem from Telekom…
  • DNAT NTP instead of NTP Server

    I created this Business Application Rule to DNAT internat NTP queries to XG-> external NTP server because XG is not a NTP Server (SG yes) But I still have at log: where XG is 192.168.157.70. why? 2018-08-03 14:41:21 Appliance…
  • XG Inbound DNAT Rule Working Fine But XG Blocking Server Outbound

    Hi all, We're fairly new to Sophos XG but we have our firewall rules set up and working so far. However, I have created a DNAT rule for secure LDAP which is working well and I can see the traffic being forwarded to the internal server. However, the…
  • Sophos XG v17 DNAT and Port Forward issue

    I have just migrated from the Sophos SG series and I'm trying to replicate some of the WAF rules/DNAT, but I am having an issue with forwarding to internal port from http/https. Basically I have a web server running on port 4477 internally. I am trying…