Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • XG in MTA mode and 3 WAN-Interfaces ... unable to select the correct outbound interface

    Hi, configured XG 18.0.4 in MTA mode to send outgoing mail using a single interface. But XG use another interface ... i have 3 Gateways ... SMTP should use GW_WAN Some hints where the error could be? Thanks, Dirk
  • HOW TO SELECT SPECIFIC GATEWAY

    Hi, I am new to Sophos Firewall XG. I have two ISP with different gateways: 1.1.1.1 and 2.2.2.2 (not real gateways) Now I want end users who are using internet to be connected to gateway 1.1.1.1 and for VPN users connected to gateway 2.2.2.2.…
  • 18.04 route_precedence not working for VPN Routes

    our customer has an IPSEC VPN Tunnel to a bunch of 10.x.x.x/y destinations. Also he has a summarised 10.0.0.0/8 pointing towards another directly connected router (10.116.35.1). they are not the same destinations. The IPSEC Traffic must go over…
  • XG V18 how to ? 3x WAN

    hello I have a new XG V18 with 3x WAN lines. e.g. WAN1 = 11.11.11.11 WAN2 = 22.22.22.22 WAN3 = 33.33.33.33 I want that an internal server / client 192.168.1.222 communicates only over the WAN3 out. How to do this in V18? Thanks
  • SOPHOS XG v18 with 2xisp and 1x data circuit

    Hi, i have XG V18 Mr4 with 2xISP for Internet and one MPLS Data link to get connected with my head office. Q1: I want to do load balancing and failover in 2xISP. in V17, this was simple by using firewall rule. i can select primay gateway and backup…
  • CONFIGURING MULTIPLE WAN INTERFACE IN SOPHOS FIREWALL

    Good Evening, I have two public ip addresses from two different ISP's .How do I configure an additional WAN interface to accommodate the two ip addresses of different blocks from the ISP'S.I also want to implement load balancing on the sophos appliance…
  • Unable to load SD-wan page and other pages of the Sophos management portal

    I am able to login to the management portal, but when I try to access certain services like the SD-Wan policy routing the xg device gets frozen and I have to reload the page. This is also happening when I try to access other services like the policy tester…
  • Redundant Internet out LAN Zone

    Setup: Two different sites running XG units. Each site has it's own dedicated internet connection. The two sites are connected to each other via private fiber into Eth4 (LAN Zone) on the respective XG which provides access to resources at each location…
  • sd-red / QoS

    Hi, is there a way to apply QoS on SD-RED device?
  • sdwan routing not working

    I have an XG210 and an XG106. They are connected by a private circuit on port 2 of each device, and traffic has existing static routes on each to use that to reach private subnets at each end, etc. We are now turning up IPSEC VPN between them, using…
  • Route Group of Devices Out 2nd WAN

    Hi All, I have a network of about 10 Laptops/Desktop with 3 IP Phones that connect to a remote phone system. I'm trying to setup a policy that has the 3 IP homes in it and can send there traffic out of the 2nd WAN port thus leaving the other devices…
  • secondary internet connection

    Good afternoon, I would like to know if there is any configuration to help me solve a demand. I have 2 working servers and 2 internet links (redundant) I need my server 2 to use my secondary internet link, as it uploads some files to the cloud, and…
  • SD-WAN routing using SD-RED

    I've got a number of sites connected to a XG310 via RED devices (mostly RED50). Is it possible to do any SD-WAN policy routing using the RED or does it really require a XG firewall at the other end? I would think it can't, since the RED's do minimal work…
  • SD-WAN , Multiple Wan ISP , Multiple LANs , Didn't Worked in v18

    Hello, I have an issue with the new firmware v18 in the XG Firewall, regarding the SD-Wan, I tried to build multiple Wans Interfaces and route the traffic depending on the LAN subnets, the issue happened when I create 2 WANS routes policies, the local…
  • More SDWAN Issues

    Good Morning, I have migrated a client with a main office and 4 branch offices to SDWAN. I have one issue that I am seeing and I haven't found any references. The remote sites will attempt to download files from a *ix server at the main office. This…
  • Renew DHCP on WAN interface automatically

    I have a reoccurring problem with one of the WAN connections. I currently have two internet connections, one VDSL and one 4G. The 4G connection is a RUT240 in bridge mode. Every so often the IP is renewed by the ISP but Sophos doesn't pick up on this…
  • V18 NAT / SD-WAN *Issue Resurrected*

    Good morning Sophos Staff, This is still a valid issue. I understand you created the SD-WAN ruleset decoupled from the firewall/nat rules. However, your objective was too narrow. Correct me if I am wrong. This is my understanding. In order…
  • SOPHOS XG86 Issue with SDWAN Routing

    Hi to all Sophos Experts! I would like to share my experience with my SOPHOS XG86 Firewall. I tried to create a new firewall policy after updating the firmware to v18. I did some test and I encountered a weird issue with routing wherein when I selected…
  • SD-WAN / VLAN Routing issue

    I've been having an issue with V18 MR-4 for some time now and really can't seem to figure it out. I have a workstation 172.30.30.104 attempting to ping a printer 172.20.20.30. As you can see in the capture below, the ping reaches the printer and it attempts…
  • Configure SD Wan to 2 ISP's

    Hi All I configured as below : Lan1 ( servers ) :10.2.0.x Lan2 ( employees) 10.3.0.x and i have 2 Wan ports each with different ISP WAN1 , WAN2 After I Built the SD-Wan Configuration as: Lan 1 > WAN 1 Lan 2 > WAN 2 The policies between…
  • SD-WAN policy does not work as expected

    I have two links in the company and I'm trying to set up an SD-WAN policy for a given network to exit through one of these LINKS, but some sites only show TIMED_OUT, it's as if the connection started but couldn't finish. I have already confirmed the settings…
  • XG Firewall-Force Web Browsing To Use Specific WAN Link?

    Hello: We have an XG210 firewall that has three WAN links. Link 1: Sprint (50 Mbps) Link 2: Comcast (125 Mbps) Link 3: AT&T (50 Mbps) Links 1 and 2 are in the active/active state with load balancing and Link 3 is set for failover. I would…
  • Multipath equivalent on XG V18

    Hello! We used to use multipath rules in UTM to send all traffic from certain hosts (or networks) through a specific WAN interface. How could'I perform this requirement in XG V18 ? Thak you and best regards
  • Can Heartbeat information be shared across firewalls

    In a nutshell: Is it possible for firewalls across an estate to share information about endpoints' HeartBeat status (and user ID)? Consider the following scenario: A Head Office XG has firewall rules that require a minimum HB status for devices (e.g…
  • IP Interface change (WWAN) and SDWAN routing with tunnel interface [xfrm1] (v18)

    I have a WWAN (an USB Internet key) that I use as "backup", it's active and use for some specific traffic.... The configuration of WWAN is show below: I need to change Gateway IP because I have a remote network (192.168.1.0/24) that I reached with…