Hi may I know once I set up the XG 430 HA and how to connect to the redundant core switch (Stacking Netgear) , thank you. etc: create 2 lan ports and assign IP to each core switch?

Hello Forum! I have a little challenge here. TLTR: Translating WAN IPv6 to LAN IPv4. I would like to make various services accessible via IPv4 and IPv6 from the WAN side. Internally in the LAN and DMZ I would like to continue working only with IPv4…

Hi Guys, I'm starting to learn Sophos XG and stumble upon this two images below. I would appreciate if someone help me visualize the said pictures since I'm having a hard time understanding it a (a high level diagram maybe?). Also I'm a little bit confuse…

Hi Guys Hoping someone can help me as I'm struggling a bit with V18 and the decoupling of NAT rules. I know it works as its working on V17 without issue. We have a vlan and within that vlan there is a device which requires WAN access. I have created…

Hello All, I tried to achieve something with Sophos, after going thru available KBs. I've a MPLS link (with BGP) and ILL at a location. ILL is terminated on Sophos and I've created IPSec Tunnel, in event of MPLS down, I shift the traffic on IPSec…

Good day! I am having to setup a new network for an IP based phone system our organization does not control. The system needs to work over the IPSec tunnel between two sites running Sophos XGs. Because we don't have access control over the system, we…

I'll try to explain my setup first, and then explain what I am trying to achieve. So I have two VLANs which are: PC Range (VLAN1): 172.16.0.0/16 Telephone Range (VLAN 122): 172.18.0.0/20 Both ranges can communicate with each other and our core switches…

Hi all, we are moving from a departement to another. Therefore a Site2Site Tunnel with overlapping networks are planned (using that howto: https://support.sophos.com/support/s/article/KB-000035848?language=en_US ) for the duration of the users…

Hello all, This is my WAN link configuration: The main interface has no IP address. but I created a VLAN on WAN interface and also add 2 alias valid IP address. I created 2 NAT policies for rules. all rules working fine and users have access to…

Hi, I'm having an issue at a location with a new XG firewall that I'm wondering if anyone has run into... The firewall is behind a cable modem, with a web server plugged into the modem. The web server has a static IP assigned. Let's call this x.x…

We have a Sophos XG 210 running SFOS 18.0.3 MR3. We have two WAN connections, and two different LAN networks. We are using SD-WAN Routing to ensure outbound traffic from LAN1 is routed out WAN1, and outbound traffic from LAN2 is routed out WAN2. The problem…

We have a DMZ subnet off of our XG 550. When our internet connection goes down, internal clients cannot get to the web servers located on that DMZ. If you do a tracert, it is attempting to send the traffic out the other internet connection and get to…

Hi everyone, I know the question may not be clear but here it is. I have managed to get connectivity between the branch and HQ. I can ping and access devices on both sides. The issue is, when VLAN551, which is the data vlan, is on WAN, the cisco…

Hello Sophos Community, i am experiencing the following problem: I am trying to configure the firewall in a way that it forwards a lot of requests unfiltered to two CMTS devices unfiltered via static routing. The CMTS devices are directly connected…

SSL VPN issue Hello!! I have actualy a problem, I configured a À SSL VPN. My all setting is perfectly configurate. But when I test in my PC I can't connecte. If I test in my Samsung Note10 + with OpenVPN the connection is successfully but no internet…

Dear i am using 2 Sophos XG 135 - 1 For HO ( Australia ) 1 for BO ( vietnam ) both side connected via VPN IP sec tunel and it working great Follow this KB https://support.sophos.com/support/s/article/KB-000035798?language=en_US i have successfull…

I am having an issue with one RED tunnel and OSPF. I have a couple of sites with XG devices that I use OSPF for my subnets already, however this one device is not working and I can't figure out why it is not. My XG acting as the RED server shows both…

Hi everyone, I recently switched over to XG Firewall from pfSense, thus kindly excuse my insufficient knowledge. For a testing setup I have virtualized XG on ESXi. My plan is to connect using a SSL VPN session to the manage zone, which is the only one…

Hi We want to establish a hub and spoke configuration for vNETs in Azure and place our Sophos XG virtual appliance in the Hub vNET. The Hub vNET will then be the default gateway for internet access and a S2S IPSEC to an on-premise Cisco ASA. All "spoke…

Hi everyone, How and where do I enable wildcard blocking? I want to block all the stupid, ",io" TLD's among others. Something like this; https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!

I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes: Including the VTI interfaces in the pull-down menu options for PING diagnose * When pinging with an internal interface, letting…

Hi, I know this topic was discussed several times but I didn't found a solution in the forum yet. I use a XG106 (SFOS 18.0.1 MR-1-Build396) and several AP100c and APX320 access points. LAN has a different IP range than two of the WLANs have. This is…

Hi All, We have migrated to v18, and I have only just come to try out the SD-WAN policy routing. We have 2 WAN links for internet access: A high speed leased line 500mbps via BT (call it BTNET) and a slower WAN link 50mbps via Virgin Media (call it…

I have a VPN tunnel enabled to our Sophos XG in Azure. I then have a resource group peered to that group with the Firewall. I have communication from on-prem to The firewall resource group, and Communication between the resource groups but no matter what…

Hi All, Border Gateway Protocol (BGP) is a path vector protocol that contains path information, enabling the routers to share routing information between autonomous systems (AS) so that loop-free routes can be created. This protocol is generally used…