
  • Sophos XGS 107 firewall - do not relay IPv6 DHCP to LAN

    Hello, I have XGS 107 running in my setup. WAN is external network not managed by me. It looks like devices in the LAN network acquire Global IPv6 addresses instead of Link-Local addresses, which messes up a bit internet in my LAN network. Same setup…
  • Local admin services available on WAN port despite ACL not reflecting that

    So I'm a bit confused and could use some help. After running NMAP on my public IP for a sanity check I was greeted with ports showing open that shouldn't be available to the WAN port. I don't have any services checked on my local service ACL for WAN Starting…
  • Allow Port in Sophos Firewall

    Hi Everyone, I am new to Sophos firewall and I don't know much about this. Can anyone tell me how to allow following port in Sophos XG135 (C1B0Cxxxxxxxxxx) CLOUC uses the following Ports HTTP, HTTPS and 9443 for the web console 5060 and 5061 TCP…
  • Error querying FQDN host in XGS firewall. There are multiple IPs for FQDN hosts in the internal network, and the firewall can only find one

    I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…
  • DNS over TLS / HTTPS with TLS Inspection

    Hello everyone, today the first occurrences of DNS over TLS showed up in one of our customers' logs. We have TLS Inspection rolled out at the company and are asking ourselves if the TLS Inspection also inspects DNS over TLS traffic and DNS over HTTPS…
  • Sophos XGS Firewall and Sonos in different VLAN - Multicast setup

    Has someone managed to get Sonos devices to work when they are on a different VLAN than the Sonos App? Would be great to share some information. Especially about routing Multicast through the firewall. I found a great article about this matter in…
  • Unable to add new service XG310 running 19.5.2 MR-2

    When going under Hosts and Services, and then under the Services tab, if I try to add a new service regardless of the name the save button does nothing. For example trying to add a service for ManageEngine Endpoint Central which requires TCP ports…
  • L3 VLANS not routing past gateway.

    Hope someone can help figure out what I am missing. I am pretty sure the issue is on the Sophos XG. I am setting up several VLANS on my Cisco 9500 L3 switch and the issue I am having is I cannot get past the gateway when trying to access another VLAN…
  • XGS - DHCP String option 128 Vlan Polycom

    We were doing DHCP via Windows Server but decided to use Sophos XGS. DHCP to assign VLAN to Polycom phones via OPTION 128 String VLAN-A=20; - NOTE the ; (semicolon) MUST be at the end of the string for it to work with Polycom. XGS will not allow me…
  • IP phones are not connecting

    Hi, IP Phones are connected to the firewall on WiFi VLAN, then redirected to the router via SIP trunk. SNAT is enabled to establish the VoIP service. My problem is, in the firewall rule, if we choose source devices using IP host group, it only connects…
  • load balancing feature is not working and my users are Nat from the same ISP whenever they connected

    Dear Sir I have configured two ISP on two different ports of firewall providing the internet facility through Sophos Firewall. I am using the firewall load balancing features by assigning the weightage of 2:1 to both the ISP's. But load balancing feature…
  • MS Teams meeting drop 2-3 s : Protocol switch from TLS to SSL

    Hi All XG330 (SFOS 19.5.2 MR-2-Build624) I have the problem of connectivity lost, in MS Teams while meeting as picture below. According to analyse packet between incoming and outgoing when we use MS Team, I found that in the time of connectivity…
  • Unable to access VLAN networks from data networks

    I have 3 VLANS, 1 for CCTV, 1 for wifi controller, and the other for IP phones. data network - port 1 192.168.0.0/24 port1.12 - 192.168.2.0/24 - wifi. (VLAN) port1.13 - 192.168.1.0/24 - CCTV (VLAN) We want to manage the CCTV and the access…
  • Internet slow on XG firewall

    Hi, Got a client that has got a XG125 firewall. Users are complaining about internet speed. Internet line has been upgraded from 10/2 to 20/10 but there has not been a change in the speed. Changed the weight of the line from 1 to 50 but this…
  • Multiple WAN/LAN bridges on XGS 126

    Dear community members! We are planning to insert an XGS firewall into our existing network infrastructure with multiple WANs. This is the current setup: Three WAN routers from different ISPs with fixed public IPs are connected to a multi-WAN router…
  • cannot access yahoo web mail sites

    Hi all, I have a Sophos XG87 and a strange problem with accessing Yahoo webmail sites from any computer on the LAN. The site just does not open but also no error message appears and I can find nothing in the log files. It does not matter whether I…
  • Vlan routing issues -XG is virtual

    Hello I am trying my head around strange VLAN issues when XG is virtualized. The setup is as follows - ESXi has VLANS created. XG has two ports - Lan and Wan. Lan is on 4095, Wan is on different switch. XG Lan has multiple VLANS created (reflecting…
  • TCP SYN / retransmission

    On Sophos XG 19.01 MR1 Virtual appliance, I have for several minutes that any new TCP session outbound to the web is not connecting. While inspecting a tcpdump file, I see that existing TCP sessions work normally, just any new TCP SYN is not getting…
  • Firewall FQDN Subdomain learning different cache TTL issues with Windows DNS Server

    Hi, this issue is listed as resolved for 19.0.2 NC-111476 FQDN Subdomain learning isn't working in case of non-SFOS DNS server set for client. We're on 19.5.2 We have a server that downloads files once per day from a FQDN like files.downloadserver…
  • Odd Behavior with System Generated Traffic over IPSEC

    Hi, Encountering a weird error when trying to attempt using a server for DNS forwarding. We have a few branch offices - each connecting to DC via IPSEC (Connection Type: Site-to-Site / IKEv2) - with the DNS Forwarding Host in the DC. Now here's…
  • Can't connect to FTP

    Hello, I am not able to connect with a local FTP script to a server. This script works at another location but not here. Sophos XG latest version SFOS 19.5.2 MR-2-Build624 Here is the log: messageid="01001" log_type="Firewall" log_component="Invalid Traffic…
  • PIM-SM and IGMP on interface in the same time

    Hello, Can I have PIM-SM and IGMP on a interface in the same time? I have a problem with IGMP on interface with active PIM-SM neighbour (pim-sm router). In the presence of a PIM-SM neighbour, IGMP is inoperable for another destination. Is this behavior…
  • Selective deactivation of the SIP helper

    I have a customer with a well-functioning SIP telephony. But now he gets a problem with a door phone. This only works with deactivated SIP helper. ( system system_modules sip unload) Message: "Invalid traffic - Invalid connection helper" Possibly a dirty…
  • LAN port utilization high

    Hi, we have Sophos XG-210. One LAN port utilization is high. I have attached monitoring tools screenshot, please check. Model: XG210. Thanks, satya
  • dhcp --lease Time increase

    Hi, currently we are running DHCP from the firewall. For some users we need to increase the lease time, so please help me with how to extend the lease time. Thanks, satya