Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Routing Problem with Sophos XG

    Hello, i have a problem and i hope you can help me: 1) I have a zone called >RED, with my REDs in branch offices (Ip-network: 192.168.41.1/24) 2) I have some destinitions which are connected with IP-Sec connections (IP-Network: 172.30.200.0/24…
  • OSPF version in XGS

    Hi, What version of OSPF the XGS firewalls support? I tryied to read in the papers product but there is no answer for that. The XGS 3300 has support for version 3 (RFC 2740)?
  • xgs - sdwan cli set policy routing

    hi all, have the xgs firewall and i can ssh into console via admin but whats the command to see what sd wan policy its using or whether its on and if need be, change it to sdwan first and then vpn thanks, rob
  • Routing capabilities of XG 430

    Hello, I apologize if this is a rookie question. I have 2 XG 430s in HA mode behind a Cisco 3900 router. ISP>Cisco>XG>Users My question is can we use the Firewall(s) for routing and eliminate the Cisco router? I believe it's only doing layer 3 routing…
  • VoIP communication problems over SD-WAN and IPsec-Interfaces

    Hi, We have several departments and connect them via IPsec “Tunnel Interfaces”. For each interface we set up a Gateway and configured a SD-WAN policy. This works for the most Services, but not for VoIP and Radius. The traffic is logged as allowed…
  • 4 Byte AS Number Support for BGP

    I am configuring BGP on a Sophos XG Firewall (18.5.2 MR-2-Build380). Our ISP has assigned a 4 Byte AS Number. For the purpose of this discussion, let's say it's 4000012345 (Binary: 1110 1110 0110 1011 0101 1000 0011 1001 ) The issue I'm having is…
  • TWO gateway internet

    Dears, I Have firewall SOPOHS XG230. I have two gateway to internet. when do rule LAN to WAN and select nat rule MASQ to access intenet. I want change internet gateway for some LAN's IP, how i can do it? some LAN access intenet from GW1 …
  • Very Strange Routing / NAT Behavior of XG 550 18.5 MR-3

    Hello, we notice very strange behaviour of our Firewall. When connecting a Device on the network we see that we can ping devices in directly on the firewall attached devices without any issues. For the internet and networks that are connected indirectly…
  • MPLS as backup to IPSEC

    Hello We would like to set up mpls as backup for ipsec according to sophos when we establish ipsec and mpls static route the ipsec is the primary because it has the highest precedence In our case we established ipsec and it didn't work unless we added…
  • Cisco CUCM VOIP issue with firewall

    Good Day. I have two Sophos firewalls linked via LAN cable, as below The routing rule and firewall policy are set between firewalls to Allow LAN networks to Access each other on both sites. and everything is okay, we can access servers and clients…
  • MPLS & IPSEC Failover with SD-WAN

    Hello All, Need help with Failover - I've a XG106 with MPLS Terminated on it and ILL. IPSec Tunnel is formed between HO and this XG106. I want to achieve Failover of Connectivity to HO on IPSec Tunnel in event of MPLS down, using SD-WAN. Tried seaching…
  • SOPHOS XG Home Inter LAN Traffic

    So, still in the middle of migrating from UTM9 to XG and experiencing growing pains. Totally retooling my network and I am having trouble understanding a problem that I have run up against. I have a managed switch that I have my wireless VLANs on (ports…
  • Migrate Static Route Fortinet to Sophos

    I tell you that during the migration of a Fortinet FW to Sophos, we have some doubts about the routing issue. Example: Routing to Migrate Destination IP/Mask 172.17.0.0/255.255.0.0 Device: VPN-Gto (This is a Site to Site tunnel, however, even putting…
  • 2 ISP + 2 Network

    Hi All, newbie in Networking. Currently, we have this network setup We are planning to get an additional ISP exclusive for one of our departments. Is it possible to connect another modem(ISP) to our router and which configurations should I do to…
  • How to manage asymetric route with Sophos XG v.18

    Hi everyone, Maybe I'm doing something wrong but I can not have all my offices browse each other on MPLS connection... First of all each office has a connection, managed externally by one ISP, with its own router and each is part of a big MPLS. On…
  • Did I create a correct SD-WAN rule ?

    Hello everyone, I have the following network map layout: I use a dual-WAN bandwidth aggregation configuration rather than a failover one for most of the interfaces. However, I look forward to assigning my TrueNAS server (VLAN 9) to only use WAN…
  • SD WAN policy routing

    Hello, I hope somebody can give me a hint... I got a 18.5.2 with 2 seperate WAN links and I want some clients to use link1 default, failover to the second if it is not available. I also managed that, BUT: I couldn't find a way to tell SD WAN…
  • How do I assign certain routes to each of my interface ?

    Hello everyone, Sorry for being a noob here. I have the following network map layout: I use a dual-WAN bandwidth aggregation configuration rather than a failover one for most of the interfaces. However, I look forward to: Assign my TrueNAS server…
  • NAT and SD WAN

    Hey All, I was kinda wondering, I Sophos V17 you could select the NAT on the FW rule itself and that that's the route it would take But now in V18 its separated, If you have one link can you add NAT rules on its own with no SD WAN routing would…
  • NAT or SD WAN Policy Routing

    HI, We have 3 ISP(ISP1, ISP2 and ISP3) connected to our firewall in our HQ. In our HQ we have at least 5 subnets. My question is can i let some subnet to utilize only ISP2 for internet, not just internet but fully utilize the link. The other link i…
  • Sophos XG - Default Route Failover

    Hi, I'm attempting to get WAN failover working across sites using OSPF (default information originate). The issue is with getting the local default route disabled in case the local Internet connection drops. Can you please let me know what is the correct…
  • ospf_read invalid Area ID

    Hello Community, I have a strange issue with two VPN Tunnels and OSPF. For this tunnels the Firewall says that the Area ID 0.49.1.0 is invalid. On some other sites the Area works. 10.10.241.85 is the local firewall, the other firewall (on the other…
  • How to configutre specific devices to use a particular ISP in v18

    Kindly help. I configured a load balance on two ISP links for my users. Among those users, I want some specific users to make use of just one of the ISPs only whole the rest use both. How do i go about it in v18 because it is very easy in v17. …
  • Multisite MPLS & VPN Tunnel Backup

    HI All Right now we implement MPLS with VPN as backup base on KB-000035833 document. Our MPLS connect with multiple site also VPN Tunnel connect to multiple tunnel to backup MPLS. As per document we need to add system link_failover add primarylink…
  • SD-WAN Route VPN Traffic - Gateway Setup

    Hi, i try to configure a SD-WAN Route for a failover scenario with 18.5.2. There is a VPN Setup for a Branchoffice with a listener/gateway IP configured. Clients are on the local subnet and communicate with the Hostingsolution over VPN. Now the…