Issue Summary: Slow Speed test SSL/TLS Inspection Summary of Call Discussion: Traffic for the test system (172.xxx.xx.8) was passing through rule ID #2. We observed a speed of 36 Mbps with the SSL/TLS inspection rule enabled. After disabling the…

Dear good evening, I have a firewall migration requirement for a client who has a Sophos XG450 firewall in version SFOS 19.0.2 MR-2 Build472 and wants to migrate to a new XGS4500 computer. Is it possible to do this migration by generating a backup…

I tried to register a RMA firewall with SFOS 21 EAP after it has been claimed in Central. It did not work. Either Administration -> "Registration" failed also Sophos Central -> "Sophos Central registration" failed Live Log found: 1970…

I have XGS 116 with 20.0.1 MR-1-Build342. Using a MAC computer, gets the "File Import Error" error when connecting to VPN using Sophos Connect, the same config file is processed on the device with the windows operating system and it works smoothly.…

Hello, I found a solution where IPSec networks are distributed via OSPF and would like to know if this is correct? Can I use this in a productive environment? 1. SSH -> 4. Device Console 2. system ipsec_route add net 192.168.123.0/255.255.255.0 tunnelname…

[POST DE DEBATE SOBRE O ASSUNTO] Opa pessoal! Em minha infraestrutura eu tenho o escritório na matriz (XGS 3100) conectado a outros quatro escritórios filiais (XGS 136) por Tunel RED, utilizando a configuração RED Server no escritório matriz e RED Client…

Good morning. I have been looking for information about the use of Traffic Shaping / QoS and applied what is indicated but in my case it is not working for me. I have 2 offices, each with a Sophos firewall. The server in office A sends data to the…

Hi everybody, we have installed a Sophos v20 MR2. However, we had to realize that the spam filtering is very poor compared to the UTM. The Sophos is acting as an MX and works in MTA mode. Spam protection is active as a policy and basically has all options…

Hi, i was just wondering if it's possible with the latest SFOS to backup and restore from a XG 210 to a XGS 2300 and from a XG 230 to a XGS 2100? Thnaks alot!

We are wanting to connect our remote office, which is in a managed/shared office space building, to our head office. We have no control over the shared office netowrk. We have a XGS in the managed office space. The internet connection is supplied…

Hi, after updating to 20.0.2 the Site to Site VPN connection between our XGS (Host) and the Fritzbox is not working anymore. Before the Update is was workking without any problems. A downgrade to 20.0.0 is also impossible as the XGS always tells Firmware…

Hi, We have configured a HA in the site and it was working fine from last one year, HA degraded yesterday, Primary device is showing faulty All the cable connections are working fine, How to resolve this issue ? What would be the reason for…

Hi Community... Please assist - Customer has a sophos 125 XG SFOS 20.0.2 running web filter and support license only- Web filtering works fine - Customer requested a report on a specific user on websites visited/ internet usage - Reports show IP address…

hello, I have a really old queued mail found within mail spool. in this case the email is not (was not) important, but how can that happen? In the meantime, many new emails have been delivered from the same sender to the same recipient. I'm asking because…

Hi, We need to establish a multiple site to site IPSEC VPN with a XG86w as the HQ. Both remote sites have a TELTONIKA RUT240 router. I am able to ping from HQ both remote sites, and from each remote site the HQ, but can’t ping a remote site from…

Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…

Hi, we have a problem with transferring syslog from Sophos firewall to the Arcsight SmartConnector. When we try UDP, logs can be seen in connector. However, with TLS communication fails. This is only example, but ours handshake also fails at Change…

Hello, We are currently using an XGS firewall and would like to give users access to internal resources via SSL VPN. Several SSL VPN policies are available for this purpose. The users are in different groups and these are assigned to different SSL VPN…

Hi Configured one more WAN IP in the Sophos XGS136, link is up but traffic is not moving through new link, checked load balancing, everything is looking fine Pervious link is working fine, however the new link is not working, able to ping 8.8.8…

Hello World. I have a question that I already believe I know the answer to but I figured I'd ask anyway. I have Comcast Gateway that has its own wireless built in of course. I want to firewall the wireless connectivity behind my Sophos firewall. Is…

I Need help regarding my ipsec. I have two sites HQ and remote site. The firewall is connected through ipsec. I have set both inbound and outboud rules. But am still not able to ping each end of the firewall or to remotely access resources at HQ. Kindly…

Hey Guys, I am using the Sophos XG as DHCP server which provides two DNS servers. One is a Pihole and the other one is the SophosXG itself. So normally the devices should resolve internal and external domains via Pihole, but when it is not available…

My server is Sophos Firewall XG125 (SFOS 17.5.16 MR-16-Build830). Sophos connect works perfectly but the .ovpn file downloaded(via user interface) will not connect. I also used the details from the .tgb to build a config file for strongswan, but didn…

Affected Version: SFOS 20.0.2 MR-2-Build378 When creating a new SMTP route & scan policy in Protect > E-Mail > Policies & exceptions you are unable to enable "Reject based on RBL". When you already have an existing SMTP Route & scan policy with "Reject…

Hi guys I can't see the wood for the trees -- so please forgive me this (probably stupid) question: When using PSK for IPsec without certificates, everything is working properly. It asks for password (or I save my password) click Connect and it works…