
  • {dnscache} dnsd keeps restarting

    Running XG 18.0 MR5-Build586 on a pair of SG230's in HA (Active-Passive). We use the XG as a local cache and DNS relay, since we rely on AD DNS hosted in our AWS Virtual Private Cloud. We have DNS request routing setup so that only internal domains are…
  • Sophos XG v18 - DMZ challenges

    As a quick background, I have been working with firewalls for about 15 years (Cisco PIX, Cisco ASA, and recently SonicWall TZ and NSa). I have been working on and off with Sophos XGs for about 2 years now so I am familiar with them but they are definitely…
  • Problems connecting to internal app server from SSL and IPSEC VPN using Sophos connect

    I am using XG210 (SFOS 18.0.5 MR-5-Build586) and Sophos Connect 2.1.20. SSL VPN and IPSEC VPN for Remote Access is configured as "use as default gateway" forcing all remote traffic through the XG. Remote users are able to access LAN resources, that…
  • Internal DNS servers, Zone DNS option and rules

    Sophos XG106 (SFOS 18.0.5 MR-5-Build586) I have set up several own DNS servers and added them to XG DNS settings. XG DHCP service provides those DNS servers to our clients. Clients are separated in different zones, all with their own WAN rule and…
  • Routing Site-to-Site VPN Traffic on same Domain Computers

    Currently, I have a Site-to-Site VPN, with split tunnels to specific IPs and networks, set up on both Sophos firewalls and they are working fine. BIGGEST THING TO REMEMBER, the branch office needs to have their computers on our internal Domain. The…
  • block all internet DNS services except 3

    Hello, We want our lan users to not be able to change their dns settings on their computers or browsers to use other dns services available on the web. We want to only allow access to these two dns servers : 208.67.222.222 and 208.67.220.220 (these…
  • The Sophos XG135 is not returning any DNS name resolution if we don’t “reconnect” the RJ45 cable.

    Hello! Can someone support me in a “weird” issue please? Problem: The Sophos XG135 is not returning any DNS name resolution if we don’t “reconnect” the RJ45 cable. When any PC on Windows 10 boots, they cannot access the DNS server which is our…
  • Ping from VLAN only with FQDN

    Hello Community, I have a problem. On my XG I have 2 networks: 1. 172.20.10.x (Default LAN) 2. 172.20.8.x (VLAN8) Both have their own DNS server: 172.20.10.x --> DHCP with DNS 172.20.10.1 172.20.8.x --> DHCP with DNS 172.20.8.1 I added all…
  • WAN Failover does not work on XG - DNS?

    Hello...We have an XG firewall configured with (2) WAN interfaces. The primary is a cable connection from COX. We have a second one configured as a Backup in the WAN link manager that is pointing to a CradlePoint router with a Cellular SIM installed.…
  • DNS Issues

    Hello, I have a user who is utilizing the Sophos XG 86w firewall for a home office. The way it is set up has her home internet split to allow her work network as well as her home network. She connects to the networks via wireless. So she has an SSID…
  • DNS Lookup Issue

    DNS lookup started failing today but only for one website. Results return as 0.0.0.0 and page loads in browser report DNS_PROBE_FINISHED_NXDOMAIN. Compare the results of a DNS lookup against router vs. against the external DNS server directly: ipconfig…
  • Reverse DNS lookup on Sophos XG v18

    Hi, I am using Sophos XG, version SFOS 18.0.4 MR-4. It seems the way I configured DNS doesn't work for reverse DNS lookup of the firewall software itself. Please see attached screenshot. My DNS configuration looks as follows: -All clients use Sophos…
  • Slow page and email photo load

    We noticed that webpages and email photos are loading slow on our XG125. Even the web interface for the XG Firewall seems to load slowly. We have checked with our ISP and there are no problems with our cable modem; we also disabled the IPS and Web filtering…
  • XG Firewall Home -Bridge Mode

    Good day. I am new to networking and firewalls and I'm not sure if I set up the firewall correctly. My home setup consists of an ADSL modem (bridge mode) > Mikrotik Router HAP AC2 > PI Hole DNS > Switch. The ADSL (only service available where I stay)…
  • Strange DNS request with Sophos Firewall as DNS Server

    Hi guys, I am not quite sure if I am stupid and overlooking something obvious or if my Sophos is behaving strangely. I am using Sophos XG in Microsoft Azure and have set Sophos XG as DNS Server for all systems. Traffic from all Systems to Sophos…
  • identify the ip of the object sending DNS requests to XG

    Our XG firewall is also running as a DNS server. We have a device sending DNS requests to our firewall trying to get the ip for a malicious domain, and we are trying to identify the ip of the device sending the requests. From what I can see XG…
  • Configuring DNS right?

    Hi there, I have read a lot in the community but did not find any post that helped me. Trying to keep it simple. I have two LANs (LAN1 10.2.80.0, LAN2 192.168.2.0). DNS is a Rasp PI > PiHole (10.2.80.222). In the DNS Option from the XG I have set: DNS…
  • Sophos XG v18MR3 SophosConnect v2. Problems with IPv6 and DNS

    Hello all, thank you for reading and hopefully someone has an answer or a workaround. We have a problem with DNS resolution on SophosConnect VPN Clients. If someone is connected with our VPN profile and has IPv6 enabled on the network interface…
  • NAT DNS Service to LAN address

    I want IoT devices to use my internal DNS server. I set up a NAT rule to translate inbound DMZ interface to destination internal DNS server and I have a matching firewall rule but the traffic is getting dropped. IoT device calls to 8.8.8.8 on Port 53…
  • XG initiated traffic being sent to ipsec0

    I'm having a few issues with an XG in place at the moment. Various things are failing such as checking for firmware/pattern updates, being able to use the web filtering feature and also using the inbuilt FTP backup feature. I have discovered that the…
  • Firewall flood request to google

    Hi community, I am having trouble finding the source of these Google requests. How do I stop this? 22:05:46.858375 lo, IN: IP 127.0.0.1.38637 > 127.0.0.1.53: 62194+ A? www.google.com.ar. (35) 22:05:46.958721 lo, IN: IP 127.0.0.1.38637 > 127.0.0.1.53: 62194…
  • Wild Card Blocking/Filtering?

    Hi everyone, how and where do I enable wildcard blocking? I want to block all the stupid ".io" TLDs among others. Something like this: https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!
  • XG v18: Reverse lookup DNS request route in-addr.arpa.

    Is it possible to create a DNS reverse lookup DNS request route for internal network ranges? It is mandatory for a mail gateway but does not seem to work when I set it up like in the screenshot and help button is no help. It can be done in UTM / SG…
  • How can I create an IPSec connection with a domain as listening interface?

    Hi! Currently I'm planning a deployment of an XG system at a customer site. We have to do a "soft switch" from the old firewall to the new one, because of the remote access VPN, which are already deployed. For the most part I don't see any major problems…
  • Add DNS to separate SSL VPN profile

    I have an SSL VPN profile (PROFILE 1) through which the majority of my users log in remotely if required to access the LAN. For a small group of contractors I have created a separate SSL VPN profile (PROFILE 2), so they have access only to 1 resource (SERVER…