  • SD-WAN IPv4/IPv6 Destination Networks

    I've recently taken a closer look at the SD-WAN route settings. In the Help section it states the following: The heading in the SD-WAN section states that the default route is SD-WAN > VPN > Static This means that I must specify the Internet IPv4…
  • Policy Based Routing

    Hello, our partner tried to implement Policy Based Routing on IPSec Tunnels. The individual policies for the tunnels seemed to be okay but we ran into the problem that there was an issue with a Policy Route from Source Any to Destination Any where we…
  • Asymmetric routing

    Hi community, for reasons of simplification let's assume that our XG450 ( SFOS 18.5.2 MR-2-Build380) has 4 ports configured: Port 1 - Zone WAN - IP 1.1.1.2/24 Gateway is 1.1.1.1 Additional Alias: 1.1.1.3/32 Port 2 - Zone DMZ1 - IP 2.2.2.1/24 used…
  • SD-Wan route not working

    Hello, I have a sophos XG in beta v19, I wanted to test the SD-WAN routes but I can't get it to work. I have three WAN accesses and for my sdwan route test I just created a rule that routes all nperf (fqdn) traffic to a specific wan. My rule is not…
  • SD WAN - can only select one interface

    hi all, under "routing > SD-WAN policy routing > add" incoming interface - you can only select one interface from the drop down menu but under "rules and policies > NAT rules > new nat rule" you can select multiple "inbound interfaces" just wondered why…
  • Multiple WAN (primary and secondary) with multiple IPs

    Hi, I have a scenario, where my ISP gives us 02 interfaces being primary (WAN1) and secondary (wan2). Above these WANs it routes some ips to them, so in case the primary fails, the secondary continues to serve these ips. That way, I can put a certain…
  • VPN IPSec with a BGP - AWS

    Hey guys! Can you help me with a configuration? I need to migrate the configuration of my VPNs with AWS and I needed to use BGP for that. Is it too complicated to make this configuration? What is the best scenario for the setup to run smoothly?…
  • SNAT and SD WAN for one specific LAN

    hi all, we have quite a few LANS on LAN/DMZ zones and two WANS i want one specific LAN (dmz zone) to go out WAN2, obviously i know i need to create an SD WAN, SNAT MASQ and firewall lan to wan rule for this (below) https://community.sophos.com/sophos…
  • Sophos XG 18.5 Multiple WAN

    Hi all I have 2 WAN, 1. WAN1 2. WAN2 I want to use WAN1 for these group of internal IPs(192.168.0.5 - 192.168.0.10) and WAN2 for IPs (192.168.0.20 - 192.168.0.30) I was able to change WAN port on version 17.5 But I cannot find this function…
  • OSPF stuck on Init/DROther

    Hello Community, I have the issue that some sites with OSPF will not come up, they are stuck on state "Init/DROther": If I restart the OSPF Service (service ospfd:restart -ds nosync) on the headoffice firewall in most cases the routes will come up.…
  • OSPF loses connection if "redistribute route" is enabled

    Hello everyone, I have two Sophos XG appliances up and running for a couple of years. Both appliances are using a RED tunnel to connect to each other and routing is done via OSPF. Currently I have added all local subnets to the "network & area…
  • xfrm interface not shown after creating VPN connection to Azure VPN Gateway

    Hello everyone, we followed this guide ( https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/126356/sophos-xg-firewall-v18-to-azure-vpn-gateway-ipsec-connection ) to set up the Azure VPN connection but cannot complete it due to the missing…
  • How to create a Migrated IPv4 SD-WAN policy route

    SOPHOS XG 125 How to create a Migrated IPv4 SD-WAN policy route and show it in the SD-WAN policy routing, and please answer with pictures .. Thank you
  • STAS authentication over SD-WAN

    I have two Sophos XG Firewalls ( SFOS 18.5.1 MR-1-Build326) Both are managed by Sophos Central and I used the platform to create an SD-WAN between the two offices. I am trying to get the Branch Office XG to access the AD at Head Office in order…
  • MPLS Connectivity Issues after switch from UTM to XG 18.5

    Hi all, We recently switched from a UTM software install to a pair of XG3100s running in HA active/passive. Since the switch over we have had an issue with clients at our branch offices communicating with servers and devices on our LAN. Network…
  • Sophos XG Ver18 dual BGP Failover and Failback and Preference

    Hi, I have Sophos XG330 and two BGP link configured in LAN Zone. Both link are active and working. I would like to configure failover/ Failback and set primary and secondary link. Does SD WAN Policy Routes help to achieve this ?? I have tried…
  • 2 networks

    I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…
  • Best way to route

    So as of right now I have Sophos running on an R610 server with Proxmox and I am only using 2 of the 1 gig NICs. My question is what's the best way for me to disable the home cable modem DHCP and force connected clients through Sophos. Would setting the…
  • Static Routing Not working on SOPHOS XG Firewall.

    Hi Sophos Community, I am struggling to route traffic between two Sophos over the Point to Point Connectivity as I am deploying my project in Eve Simulator but it's not routing the traffic from the 10.10.0.5 PC towards the 192.168.3.30 Win Server and…
  • SD-20 - No Network traffic on rules

    Hello I've setup a new SD-20 in our office using the 4G Module that plugs into the SD-20, the unit seems to be in "failover" mode with the red status system light blinking red and others flashing green, the network is up and working i can access my…
  • TRAFFIC FROM LAN INTERFACE CAN'T GO TO BRANCH VIA A WAN LINK.

    Traffic from my LAN interface cannot go to branch even though all policies are defined correctly. But the reverse works. Traffic from the branch is able to reach services at HQ. What might be the issue?
  • Moving services to go through other internet connections

    I'm sure there are some great articles and other topics about this, but I am unable to find these, so I'm asking! Basically I have a site with an xg firewall running 2 internet connections, basically here is what I want to do; Move Office365 services…
  • How to log Drops from advanced-firewall checks

    Hello, We have a clients-server based application, where the server is in a different vlan as the clients. The communication between both vlans is routed via SophosXG VLAN Interfaces. (XG430 / 18.5MR1) The GUI firewall rules are configured to…
  • RFC1918 WAN Interface

    Hey there! Simple (and maybe stupid) question: If I have a network like this: WAN | PPPoE Router (192.168.1.1) | (192.168.1.10) (Zone: WAN, Default gateway 192.168.1.1) Sophos XG (192.168.5.1) (Zone: LAN) | LAN (All IPs are with /24 subnet mask…
  • Check type of traffic used by host and only allow to pass through main Wan connection

    I have 2 wan connections, main, and LTE. LTE is only backup, and don't want to unnecessarily use it. I have IPTV subscription, and don't want it to use the LTE when main connection goes down. I know the IP address of the TV box. Can anyone tell me find…