Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Slow page and email photo load

    We noticed that webpages and email photos are loading slow on our XG125 Even the web interface for the XG Firewall seems to load slowly we have checked with our ISP and there are no problems with our cable modem, we also disabled the IPS and Web filtering…
  • XG Firewall Home -Bridge Mode

    Good day. I am new to networking and firewalls and I'm not sure if i setup the firewall correctly My home setup consists of a ADSL modem(bridge mode)> Mikrotik Router HAP AC2 >PI Hole DNS> Switch,. the ADSL(only service available where I stay )…
  • FQDN Host not updating? - Allow HTTP/ HTTPS Traffic to FQDN Host

    Hello together, I am trying to allow traffic to specific websites using firewall rules with FQDN-Hosts as Destination. Unfortunately this is not alwas working as expected: I try to reach github assets under https://github-production-release-asset…
  • Strange DNS request with Sophos Firewall as DNS Server

    Hi guys, i am not quite sure if I am studpid and overseeing something obvious or if my sophos is behaving strange. I am using Sophos XG in Microsoft Azure and have set Sophos XG as DNS Server for all systems. Traffic from all Systems to Sophos…
  • identify the ip of the object sending DNS requests to XG

    Our XG firewall is also running as a DNS server. We have a device sending DNS requests to our firewall trying to get the ip for a malicious domain, and we are trying to identify the ip of the device sending the requests. From what I can see XG…
  • Configuring DNS right?

    Hi there I have read a lot in the community but did not found any post who helped me. Try to keep it simple. I have two LAN ( LAN1 10.2.80.0, LAN2 192.168.2.0) DNS ist a Rasp PI > PiHole (10.2.80.222) In the DNS Option from the XG I have set: DNS…
  • Ubuntu 20.04 VPN Name Resolution

    I'll try to keep this short and concise with helpful images where appropriate. For Ubuntu 20.04, I download the OpenVPN config "for Android", because "for other OSs" does not work. Using the gnome network manager, I import the OpenVPN file. I'm able…
  • XG continually crashing on any version past 17.5.0

    We have a few dozen XGs deployed, ranging from 105s to 210s. Most of these have very similar configurations, nothing crazy, AD authentication, Sophos Central Heartbeat, SSL and IPSec VPN, IPS/IDS, etc. At one specific site we have an XG125 that was…
  • Sophos XG v18MR3 SophosConnect v2. Problems with IPv6 and DNS

    Hello all, thank you for reading and hopefully someone has an answer or a workaround. We have the a Problem with DNS resolution on SophosConnect VPN Clients. If someone is connected with our vpn profile and has IPv6 enabled on the network interface…
  • Policy Based DNS Selection

    Hello Sophos Community, I have setup the Sophos XG 115 to have two WAN links in Active Backup mode. I have setup 2 Policy Routes so that destinations in Asia goes through WAN1 and destinations in USA goes through WAN2. Everything works just fine. However…
  • 3rd DHCP Server - Sophos XG

    Hello people. I am configuring the DHCP server for my client machines through Sophos XG. However, via the web, I can only assign primary DNS and Suncadario through DHCP Server. I would like to assign a 3rd DHCP. Any tips? Thanks.
  • NAT DNS Service to LAN address

    I want IoT devices to use my internal DNS server. I setup a NAT rule to translate inbound DMZ interface to destination internal DNS server and I have a matching firewall rule but the traffic is getting dropped. IoT device calls to 8.8.8.8 on Port 53…
  • XG initiated traffic being sent to ipsec0

    I'm having a few issues with an XG in place at the moment. Various things are failing such as checking for firmware/pattern updates, being able to use the web filtering feature and also using the inbuilt FTP backup feature. I have discovered that the…
  • Connecting to VPN via Sophos Connect uses remote DNS rather than local

    I configured my local DNS server (pfSense) to block access to certain domains. But, when I connect to my office's VPN with Sophos Connect, the domains are not blocked and nslookup shows that the default DNS is the remote server. Is there something in…
  • Custom DNS host entry for the client is not working as needed? XG17.5.14 and XG18.0.3

    I have an office A using 192.168.30.0/24 network. Office A LAN gateway IP is 192.168.30.170. And i have an office B using 192.168.22.0/24 network. Both office A and B has IPsec VPN connection. I added DNS host entry for Web-server01(192.168.22…
  • Can ping DNS Server but can't resolve any name

    I have a XG Firewall with an active SSL VPN. I'm now trying out Sophos Connect as an alternative / replacement and so far I was able to connect from my client to the firewall and access the resources as long as I access everything via the IP address.…
  • Firewall flood request to google

    Hi community, i am trouble finding the source of these google request's how do i stop this. 22:05:46.858375 lo, IN: IP 127.0.0.1.38637 > 127.0.0.1.53: 62194+ A? www.google.com.ar. (35) 22:05:46.958721 lo, IN: IP 127.0.0.1.38637 > 127.0.0.1.53: 62194…
  • Wild Card Blocking/Filtering?

    Hi everyone, How and where do I enable wildcard blocking? I want to block all the stupid, ",io" TLD's among others. Something like this; https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!
  • XG v18: Reverse lookup DNS request route in-addr.arpa.

    Is it possible to create a DNS reverse lookup DNS request route for internal network ranges? It is mandatory for a mail gateway but does not seem to work when I set it up like in the screenshot and help button is no help. It can be done in UTM / SG…
  • xg dns logging

    Either locally or through Central is there a way to perform 24/7 dns logging from multiple sfos 18 xg's that doesnt require tcpdump packet capture?
  • How can I create an IPSec connection with a domain as listenting interface?

    Hi! Currently I'm planning a deployment of an XG system at a customer site. We have to do a "soft switch" from the old firewall to the new one, because of the remote access VPN, which are already deployed. For the most part I don't see any major problems…
  • Turning off Sophos XG DNS server stops resolution of hostname (using external DNS server)?

    I'm using Sophos XG as my DHCP server but a separate device (Pi-hole) as my DNS server. Everything works fine and Pi-hole is functioning as expected. However, if I shut down the Sophos XG DNS service, I can no longer access any websites (i.e. no longer…
  • Add DNS to separate SSL VPN profile

    I have a SSL vpn profile (PROFILE 1) through which majority of my users login remotely if required to access the LAN For a small group of contractors i have created a separate SSL VPN profile (PROFILE 2), so they have access only to 1 resource (SERVER…
  • DNS Forwarding

    Hi, i have a VPN with two XG Firewalls. One Branch Office and a Headoffice. At the Headoffice side i have the Domain DC). Now i want to join Clients in the Branch Office to the Domain. For this an working DNS with forwarding to the DC is needed. …
  • How to clear DNS cache ?

    We are using XG230 firewall with latest firmware. We are web development company, we frequently update pages and DNS for our clients. But these changes not update for the users under firewall proxy rules. At same time, it is working fine with users without…