  • XG 430 HA Setup

    Hi, may I know, once I set up the XG 430 HA, how to connect to the redundant core switch (Stacking Netgear)? Thank you. Etc.: create 2 LAN ports and assign an IP to each core switch?
  • WAN IPv6 to DMZ/LAN IPv4

    Hello Forum! I have a little challenge here. TL;DR: Translating WAN IPv6 to LAN IPv4. I would like to make various services accessible via IPv4 and IPv6 from the WAN side. Internally in the LAN and DMZ I would like to continue working only with IPv4…
  • Sophos Static Routing

    Hi Guys, I'm starting to learn Sophos XG and stumbled upon these two images below. I would appreciate it if someone could help me visualize the said pictures since I'm having a hard time understanding them (a high-level diagram maybe?). Also I'm a little bit confuse…
  • Version 18 and the Nat Rules

    Hi Guys, hoping someone can help me as I'm struggling a bit with V18 and the decoupling of NAT rules. I know it works as it's working on V17 without issue. We have a VLAN and within that VLAN there is a device which requires WAN access. I have created…
  • MPLS as Primary and ILL IPSec Tunnel as Backup

    Hello All, I tried to achieve something with Sophos, after going through the available KBs. I have an MPLS link (with BGP) and ILL at a location. ILL is terminated on Sophos and I've created an IPSec tunnel; in the event of MPLS down, I shift the traffic on IPSec…
  • Restricting network to network access through IPSec Tunnel on Sophos XG

    Good day! I am having to set up a new network for an IP-based phone system our organization does not control. The system needs to work over the IPSec tunnel between two sites running Sophos XGs. Because we don't have access control over the system, we…
  • Creating a route between VLANs

    I'll try to explain my setup first, and then explain what I am trying to achieve. So I have two VLANs which are: PC Range (VLAN1): 172.16.0.0/16 Telephone Range (VLAN 122): 172.18.0.0/20 Both ranges can communicate with each other and our core switches…
  • Site2Site Tunnel with overlapping Network AND SSL VPN User

    Hi all, we are moving from one department to another. Therefore a Site2Site tunnel with overlapping networks is planned (using that howto: https://support.sophos.com/support/s/article/KB-000035848?language=en_US ) for the duration of the users…
  • How to change device itself internet access IP to an alias IP?

    Hello all, This is my WAN link configuration: The main interface has no IP address, but I created a VLAN on the WAN interface and also added 2 alias valid IP addresses. I created 2 NAT policies for rules. All rules are working fine and users have access to…
  • Accessing services hosted on our static IPs

    Hi, I'm having an issue at a location with a new XG firewall that I'm wondering if anyone has run into... The firewall is behind a cable modem, with a web server plugged into the modem. The web server has a static IP assigned. Let's call this x.x…
  • SD-WAN multiple LAN

    We have a Sophos XG 210 running SFOS 18.0.3 MR3. We have two WAN connections, and two different LAN networks. We are using SD-WAN Routing to ensure outbound traffic from LAN1 is routed out WAN1, and outbound traffic from LAN2 is routed out WAN2. The problem…
  • Can't get to DMZ servers when internet goes down

    We have a DMZ subnet off of our XG 550. When our internet connection goes down, internal clients cannot get to the web servers located on that DMZ. If you do a tracert, it is attempting to send the traffic out the other internet connection and get to…
  • Cannot reach Gateway when VLAN in on LAN on Sophos XG

    Hi everyone, I know the question may not be clear but here it is. I have managed to get connectivity between the branch and HQ. I can ping and access devices on both sides. The issue is, when VLAN551, which is the data vlan, is on WAN, the cisco…
  • XG 550 v18.0.1 MR-1-Build396

    Hello Sophos Community, I am experiencing the following problem: I am trying to configure the firewall in a way that it forwards a lot of requests unfiltered to two CMTS devices via static routing. The CMTS devices are directly connected…
  • SSL VPN

    SSL VPN issue. Hello!! I actually have a problem: I configured an SSL VPN. All my settings are perfectly configured. But when I test on my PC I can't connect. If I test on my Samsung Note10+ with OpenVPN the connection is successful but no internet…
  • Route Traffic via VPN IPSec Site to Site for some Specific Website

    Dear, I am using 2 Sophos XG 135: 1 for HO (Australia), 1 for BO (Vietnam). Both sides are connected via a VPN IPsec tunnel and it is working great. Following this KB https://support.sophos.com/support/s/article/KB-000035798?language=en_US I have successfull…
  • OSPF not received on RED client XG

    I am having an issue with one RED tunnel and OSPF. I have a couple of sites with XG devices that I use OSPF for my subnets already, however this one device is not working and I can't figure out why it is not. My XG acting as the RED server shows both…
  • Zone <-> VPN Routing - XG Firewall

    Hi everyone, I recently switched over to XG Firewall from pfSense, thus kindly excuse my insufficient knowledge. For a testing setup I have virtualized XG on ESXi. My plan is to connect using an SSL VPN session to the manage zone, which is the only one…
  • vNet Peering with XG in Azure

    Hi, we want to establish a hub and spoke configuration for vNETs in Azure and place our Sophos XG virtual appliance in the Hub vNET. The Hub vNET will then be the default gateway for internet access and a S2S IPSEC to an on-premise Cisco ASA. All "spoke…
  • Wild Card Blocking/Filtering?

    Hi everyone, How and where do I enable wildcard blocking? I want to block all the stupid ".io" TLDs among others. Something like this: https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!
  • Change request for SFOS 18: Diagnose, Tools, Ping through VTI tunnel

    I was wondering if in one of the next MRs in SFOS 18 it was possible to include one or both of the following changes: Including the VTI interfaces in the pull-down menu options for PING diagnose * When pinging with an internal interface, letting…
  • Access printer+scanner placed in LAN from WiFi

    Hi, I know this topic was discussed several times but I haven't found a solution in the forum yet. I use an XG106 (SFOS 18.0.1 MR-1-Build396) and several AP100c and APX320 access points. LAN has a different IP range than two of the WLANs have. This is…
  • v18 SD-WAN Policy Routing - Wrong Gateway

    Hi All, We have migrated to v18, and I have only just come to try out the SD-WAN policy routing. We have 2 WAN links for internet access: A high speed leased line 500mbps via BT (call it BTNET) and a slower WAN link 50mbps via Virgin Media (call it…
  • Azure peering access across a IPSEC VPN to On-Prem

    I have a VPN tunnel enabled to our Sophos XG in Azure. I then have a resource group peered to that group with the firewall. I have communication from on-prem to the firewall resource group, and communication between the resource groups, but no matter what…
  • [Fresh From the Press: Latest KB's] Sophos XG Firewall: How to configure BGP

    Hi All, Border Gateway Protocol (BGP) is a path vector protocol that contains path information, enabling the routers to share routing information between autonomous systems (AS) so that loop-free routes can be created. This protocol is generally used…