Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • All IPS Signature release notes are incorrect.

    I thought it was weird that Sophos was rating the Log4j vulnerability as the lowest severity, when everyone else in the world considers it a high risk. But it appears that Sophos has just always got their documentation wrong. Looking at all the IPS…
  • ATP reporting external IP as source

    Hello, I found this old thread but didn't find it helpful. https://community.sophos.com/sophos-xg-firewall/f/discussions/124646/atp-reporting-external-ip-as-source From the ATP reports I am seeing Google and Cloudflare DNSs being reported. …
  • alerts keep scaling

    does anybody know what the cause of this alert ? also i want to stop it from it source ?
  • "Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com"

    Hello and have a nice day we had a short power failure yesterday and since then I have this error message in the event log every second: messageid="08001" message="Malware 'Unscannable' was detected and blocked in a download from ocsp.digicert.com…
  • Sophos AV failed to update

    Yesterday Sophos AV on XG V 18.5 MR1 failed to upgrade. Trying to do manual update from pattern, it fails also: Sophos AV 1.0.17271 - 20:38:14, Nov 15 2021 Failed When this failed, WAF failed with daemon error…
  • slow internet speed

    Hi I have a new Sophos XG136 without any firewall rule besides the default one. it is working in a bridge mode and connected to ISP modem and Cisco router. Both interfaces have 1000 Mbps - Full Duplex Auto-negotiated. When I make a speed test I'm…
  • ICMP Error Message

    Weird issue I am having. Our APs are having issues reaching 8.8.8.8 and 8.8.4.4 (not every time but enough and consistent enough to throw an error on the APs themselves) When I check the Log Viewer I don't see any issues or dropped traffic. When I…
  • Disable system service from starting up after boot

    I want to disable IPS service as i am not using it , so i manually stopping it every time i reboot Sophos XG . so how can i disable it from startup after reboot Thanks
  • Sophos XGS116 IPS causes severe delay when opening websites

    We are currently deploying an XGS116 running FW SFOS 18.5.1 MR-1-Build326 . We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied…
  • XG Log Viewer Application Filter Tab Always Empty

    Hi, I have an XG125w (and before that am XG106) with SFOS 18.5.1 MR-1-Build326. When I go to the log viewer, Application Filter tab, the log is empty, It has always been empty, even with the XG106. I checked my firewall rules and they are all set to…
  • ATP reports "C2/Generic-A" :

    Hello some of our customers asked me about this so I think this will help others, too. 2021-10-18 10:24:07 192.168.36.181 enabaonag_laptop 192.168.36.1 C2/Generic-A www.google.com.512542883555094…
  • Xg - strange application behaviour

    Hi folks, I have been investigating an issue with my Apple devices using an application called manual proxy surfing. The strange behaviour is if I block proxy and tunnel then I get error rs in the application log and in the daily reports. If I don…
  • V18.5: Custom IPS Pattern cannot be added

    Hi there, I'm trying to add a custom IPS Pattern which does not work as described here: Add a custom IPS signature (sophos.com) The online documentation does not says anything about >> ; <<. Can somone share a working custom IPS pattern example…
  • Port scan Detection XG18

    Hello, While looking for a way to enable port scan detection on my XG18, all I can find is articles from years ago on how to configure it on the UTM. Are their any recent articles detailing how to be notified of this sort of scanning? You would think…
  • 1Password is not a "Loss of Productivity" application -- how to report to Sophos

    I've noticed that Sophos classifies 1Password as, among other things, a "Loss of Productivity" application. In fact, it may be a high productivity application that encourages security. And I notice that LastPass -- a similar application -- is not categorized…
  • XG reboot and change in HA Status

    Dear Comminity, I've a customer with an HA pair of XG135 with SFOS 18.0.5 MR-5-Build586. They are facing random reboot of the appliance that force a change HA status. During this reboot they 5/10 minutes of disconnectoin. I've open a sophos case…
  • Sophos XG Home and malware detection

    I have migrated the settings of my (now end-of-life) Cyberoam device to a Protectli FW4B that is running Sophos Firewall XG Home Edition, latest version. Initially I was quite happy, but then I tried the EICAR.ORG testfiles, and those Test-Viruses were…
  • Antivirus and IPS Engine service stopped in XG 210 firewall

    Hi, I have a sophos xg 210. It was working fine but it recently started to behave strange. The antivirus and IPS engine service is stops, when I restart it stops again and keep doing that. I have just update firmware from SFOS 18.0.5 MR-5-Build586 to…