  • SNAT and SD WAN for one specific LAN

    hi all, we have quite a few LANS on LAN/DMZ zones and two WANS i want one specific LAN (dmz zone) to go out WAN2, obviously i know i need to create an SD WAN, SNAT MASQ and firewall lan to wan rule for this (below) https://community.sophos.com/sophos…
  • Sophos XG 18.5 Multiple WAN

    Hi all, I have 2 WANs: 1. WAN1 2. WAN2. I want to use WAN1 for this group of internal IPs (192.168.0.5 - 192.168.0.10) and WAN2 for IPs (192.168.0.20 - 192.168.0.30). I was able to change the WAN port on version 17.5, but I cannot find this function…
  • OSPF stuck on Init/DROther

    Hello Community, I have the issue that some sites with OSPF will not come up; they are stuck on state "Init/DROther". If I restart the OSPF service (service ospfd:restart -ds nosync) on the head office firewall, in most cases the routes will come up.…
  • OSPF loses connection if "redistribute route" is enabled

    Hello everyone, I have two Sophos XG appliances up and running for a couple of years. Both appliances are using a RED tunnel to connect to each other and routing is done via OSPF. Currently I have added all local subnets to the "network & area…
  • xfrm interface not shown after creating VPN connection to Azure VPN Gateway

    Hello everyone, we followed this guide ( https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/126356/sophos-xg-firewall-v18-to-azure-vpn-gateway-ipsec-connection ) to set up the Azure VPN connection but cannot complete it due to the missing…
  • STAS authentication over SD-WAN

    I have two Sophos XG Firewalls ( SFOS 18.5.1 MR-1-Build326) Both are managed by Sophos Central and I used the platform to create an SD-WAN between the two offices. I am trying to get the Branch Office XG to access the AD at Head Office in order…
  • MPLS Connectivity Issues after switch from UTM to XG 18.5

    Hi all, We recently switched from a UTM software install to a pair of XG3100s running in HA active/passive. Since the switch over we have had an issue with clients at our branch offices communicating with servers and devices on our LAN. Network…
  • Sophos XG Ver18 dual BGP Failover and Failback and Preference

    Hi, I have a Sophos XG330 and two BGP links configured in the LAN zone. Both links are active and working. I would like to configure failover/failback and set primary and secondary links. Do SD-WAN policy routes help to achieve this? I have tried…
  • How to create a Migrated IPv4 SD-WAN policy route

    SOPHOS XG 125 How to create a Migrated IPv4 SD-WAN policy route and show it in the SD-WAN policy routing, and please answer with pictures .. Thank you
  • 2 networks

    I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…
  • Best way to route

    So as of right now I have Sophos running on an R610 server with Proxmox and I am only using 2 of the 1 gig NICs. My question is what's the best way for me to disable the home cable modem DHCP and force connected clients through Sophos. Would setting the…
  • Static Routing Not working on SOPHOS XG Firewall.

    Hi Sophos Community, I am struggling to route traffic between two Sophos firewalls over the point-to-point connectivity, as I am deploying my project in Eve Simulator, but it's not routing the traffic from the 10.10.0.5 PC towards the 192.168.3.30 Win Server and…
  • SD-20 - No Network traffic on rules

    Hello I've setup a new SD-20 in our office using the 4G Module that plugs into the SD-20, the unit seems to be in "failover" mode with the red status system light blinking red and others flashing green, the network is up and working i can access my…
  • TRAFFIC FROM LAN INTERFACE CAN'T GO TO BRANCH VIA A WAN LINK.

    Traffic from my LAN interface cannot go to the branch even though all policies are defined correctly. But the reverse works. Traffic from the branch is able to reach services at HQ. What might be the issue?
  • Moving services to go through other internet connections

    I'm sure there are some great articles and other topics about this, but I am unable to find these, so I'm asking! Basically I have a site with an xg firewall running 2 internet connections, basically here is what I want to do; Move Office365 services…
  • How to log Drops from advanced-firewall checks

    Hello, We have a clients-server based application, where the server is in a different vlan as the clients. The communication between both vlans is routed via SophosXG VLAN Interfaces. (XG430 / 18.5MR1) The GUI firewall rules are configured to…
  • RFC1918 WAN Interface

    Hey there! Simple (and maybe stupid) question: If I have a network like this: WAN | PPPoE Router (192.168.1.1) | (192.168.1.10) (Zone: WAN, Default gateway 192.168.1.1) Sophos XG (192.168.5.1) (Zone: LAN) | LAN (All IPs are with /24 subnet mask…
  • Check type of traffic used by host and only allow to pass through main Wan connection

    I have 2 WAN connections, main and LTE. LTE is only backup, and I don't want to unnecessarily use it. I have an IPTV subscription, and don't want it to use the LTE when the main connection goes down. I know the IP address of the TV box. Can anyone tell me find…
  • Adding Second Interface with Different Public IP for Same Internet Connection

    We have a situation that I'm not sure how to proceed correctly. This location is currently utilizing two different firewalls - a Sophos XG 310 and a Sonicwall NSA 3500. The way this was originally configured, a small switch was put in place before the…
  • RBVPN, BGP, and multiple connections to home office

    RBVPN with BGP is up and running for a couple of my locations now on their primary DIA. Each site has a cellular backup device operating in NAT mode with two carriers - a primary and secondary - and I have a second VPN (tunnel interface) connection…
  • MPLS & SD-WAN Routing - What about the incoming traffic from the other site?

    I'm working with a client that has MPLS, a Cisco router and a Sophos XG. They plan to get rid of the MPLS at some point but for now it has to work. Site B got a Sophos XG firewall and we can get MPLS working using SD-WAN Routing and LAN devices (SiteB…
  • Having lan go out different wan

    Hi all, under interfaces I have 2 WAN addresses set with their respective gateways. How would I configure a LAN to go out that specific WAN/gateway? Do I do it under outbound NAT (pfSense terminology) or make a normal firewall rule, i.e. all that lan…
  • Route Based VPN - Send traffic back to main office

    I have several sites (Sophos XG/XGS on both sides) with DIA and cellular backup. Currently, with policy-based VPN and a failover group, the failover process is clunky and usually results in a very noticeable interruption for the users. To help ease…
  • How restored connection can interact with SD-WAN and active connections

    Product: 2x XG210 (HA - Active and Passive) with SFOS 18.5MR1. I have 3 Internet connections (WAN). One is main (web browsing) and two are for backup. One of the two backup connections is used only for VoIP calls. I configure in WAN Link Manager in this…
  • HOW TO CONFIGURE MULTIPLE PRIVATE NETWORK TO USE SPECIFIC WAN?

    Hello everyone, I need help to make sure our network is working properly for our needs. Here are the details. I have two private networks: 192.168.19.0/24 network servers [dmz zone], 192.168.17.0/24 network our employer [lan zone], and I have three WANs: WAN…