
  • Server access : port to port won't work

    Hello, I'll try a simple port forwarding. When I set this up like below, it works. When I change the source port to 7887, then it doesn't forward. Why, oh why?
  • Port Forwarding Question - Plex or Emby

    I believe I have everything right but I cannot see traffic in the firewall logs and I cannot get remote access to either media server. NAT Rule: Port 2 is WAN, Port 1 is LAN, Synology is a local IP. Any suggestions? I already called my ISP and they…
  • Sophos XGS bgp routing preference

    Hello, we use 2 internet lines and have set up 2 route based vpn tunnels. BGP is used as the routing protocol. What settings can we make so that the 1st internet connection is used first and the 2nd internet connection is only used if this is not available…
  • Different default WAN gateways for different VLAN groups

    Hello. I wonder if Sophos Firewall could be set up to have each VLAN having different WAN gateways? For example, VLAN 1 will go to WAN 1 and VLAN 2 will go to WAN 2, so that there will virtually be two networks. Originally, I was thinking to set…
  • Converting iptables to NAT rule

    Hi, I have been given an iptables command and I would like to create the same rule on my XG. Could anyone confirm if I have "translated" the rule correctly, please? iptables -t nat -I PREROUTING -s 10.100.20.19 -d www.riscocloud.com -p tcp --dport…
  • Phantom DDNS Alerts

    Hi, Starting yesterday, I've received a few dozen Central email alerts on DDNS issues. The first issue is I'm getting alerts for the DDNS configured in the XG-125w: " What happened: FQDN xxxxx in location xxxx LLC isn't resolving to a valid IP address…
  • XGS SFP ports not working until you specify interface speed (1G or 10G XGS, v20)

    Update to LAG not working unless you specify interface speed Using XGS4500 on 20.0.0 GA-Build22 with XSAZTCHF4 "Sophos FleXi Port Modul 4 port 10GbE SFP+" LACP bonding was not working on PortsA1-A4 unless specifying 10G Interface Speed manually, disabling…
  • How to Configure Sophos Firewall for Optimal Network Performance?

    Our organization recently deployed a Sophos Firewall to manage our network security, but we're experiencing some performance issues such as slow internet speeds and intermittent connectivity problems. I want to ensure that the firewall is configured correctly…
  • How do I set up DNS over TLS?

    I am using Sophos Firewall SFOS 20.0.0 GA-Build222. How do I set up DNS over TLS (with Cloudflare)? I can't find any instructions on the Sophos help pages.
  • Does bridging VLANs or VLANs on a bridge make a difference?

    I have an APX320 on Port1 of an XGS. The original setup was to first bridge Port1, PortF1, and Port4 onto a bridge, LAN_Bridge, and then have the AP send three of its SSIDs down VLANs and bridge the other SSID to its LAN (LAN_Bridge). So the VLANs (LAN_Bridge…
  • /31 WAN

    Hi, Can anyone confirm whether Sophos supports /31 subnet config on WAN interfaces please? XG2100 running SFOS 20.0.0 GA-Build222 Thanks
  • Access to the local subnet from the WAN interface (NAT RULE?)

    Hello everyone! I have 2 SOPHOS firewalls in two different buildings, connected by Long Range Aerials (point to point). FIREWALL 1 is configured like this: LAN 192.168.122.X (Aerial 1 is part of this DHCP pool) WAN public IPs (static) then…
  • Configure Traffic Shape on a System Host

    Hi everyone, I have configured a bridge on ports 1 and 5. I would like to know if it is possible to configure traffic shaping on a specific port. For example, port 1 with 10MB, port 5 with 40MB. I have created this rule but I'm not sure if it really…
  • BGP route advertise

    Hello, when I configure BGP on Sophos XG Home, I enter a network to advertise. Is there a way to advertise new networks automatically, or must I enter the info manually each time? Regards
  • Bridge needs firewall rules, or not?

    I had our Sophos XG87 configured by our reseller when we bought it, since I knew nothing about how to do it properly. I've learned a lot and have changed quite a few things, but want to make a foundational change that will require destroying several things…
  • Block internet access for PowerShell

    Hello Community, one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts. On the SG firewall, I already tried adding an application block rule for…
  • Allow Firewall for Copilot

    Hello team, we would like to know which category unblocks the built-in Copilot that comes with Microsoft Edge. Is there an exception to be made specific to Copilot alone?
  • CPU load on XG650

    Hello, we are facing some performance issues on our XG650 running SFOS 19.5 MR3 and during investigation I have found that one of the Processors has significantly more load than rest of the 40 ones. Sometimes it is loaded up to 100% for tens of minutes…
  • Firewall rules and policy

    Hi, I am wanting to block the IOT network (xxx.xxx.5.xx/24) from pinging the default gateway of other networks so created a firewall rule to do so however when testing, devices in the IOT network are still able to ping the default gateway of other networks…
  • How to create a network object / host / rule which allows access to WAN but not LAN (RFC 1918)

    Hi! I am a proud owner of XGS 107 and pretty happy with it. I am running a homelab with a few VLANs, really nothing special. But there is something that is bothering me: I am also using Barracuda Firewalls where I work, and there I really like the…
  • Cannot recreate VLAN after unbinding port

    Port 1 was configured for LAN usage. VLAN 20 was added to Port 1. Port 1 was then unbound, and VLAN 20 went away. Created VLAN 2 on the (unbound) Port 1. Wanted to create VLAN 20 again and add it to Port 1 as well. Get message "Interface name exists.…
  • Multiple NICs on same LAN Subnet

    I have recently switched to a new ISP who allows me a blistering 3GB connection of which I wish to take some advantage. To do this, I rebuilt a new firewall from scratch with a 1Gb onboard NIC, plus a 2x10Gb NIC. This gives me 3 ports, which are in order…
  • Bandwidth report for the policy

    Hi, I have configured the policy in the Sophos firewall for the AV devices with traffic shaping (QoS). We need to monitor the bandwidth utilization of the policy, and need to know how much bandwidth it utilized. Is there any way to do this?
  • Scheduled downtime for appliances and tunnels

    Hello all, I have several firewalls claimed on Sophos Central and SD-WAN connection groups among them. One of the branches will be without power for about two weeks, so the firewalls and tunnels to this branch will be offline. Is there a way to…
  • ENABLING INTERNAL USERS TO ACCESS INTERNAL SERVICES OVER EXTERNAL INTERFACE

    Hello, I am using XGS2300 Version 20. When users are on LAN, they cannot access servers on the same network while using their public IP; they can only access the server over the public IP when they move out of the network. How do I solve that?