Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • cannot ping from sophos device

    Hi I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (eg ping using an IP in my networks) I logged into the console of the Sophos device and got…
  • Unable to access captive portal using Lets Encrypt certificate

    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
  • v21 Let's Encrypt Cert creation and renewal fails, whan NAT Rule for HTTP/HTTPS exists

    On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…
  • Sophos Firewall v21.0 GA - Kyber TLS (Edge/Chrome) connection reset error for transparent TLS decryption

    We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
  • Invalid Traffic / Invalid TCP state (no routing issue)

    Hello, I have a problem with mainly HTTPS connections showing up in the log as Invalid Traffic / Invalid TCP state. See screenshots below. example domain is https://telekom.de I have 2 Internet connections with separate NAT and SD-WAN routes. Routing…
  • IPv6 Country Block WAN to LAN strangeness

    Hello, Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/ I created a LAN to WAN rule to block access to a country and a WAN…
  • Sophos XG Alias Interface not showing up, SFOS 21

    Hi all, I created a new alias interface but missed on digit, so the address doesn´t belong to a existing interface configuration. Now I cant delete that alias because its not showing up in gui. Is there a way do get rid of that alias via console?
  • v21 XG Home VPN Hardware acceleration

    Good evening, Back testing XG Home, does v21 support hardware acceleration for IPsec and SSL VPN tunnels? I have XG Home installed on a XG230 R2 at mo, I have a XG135 R3 that has pfsense + on it atm, so pending successful testing, planning on dropping…
  • Sophos 21 Home Lets Encrypt Secondary Validation Fetch Timeout

    Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to…