Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • trouble with Diagnose

    Hi all, Sophos XGS SFOS 20.0.2 MR2. When I try to check a ping: It only accepts IP Addresses or names without capital letter! I can resolve blabla.domain.local but not BlaBla.domain.local "Please enter a vlid IP or hostname". Is that bug or…
  • Wireless modules on XGS 136

    Good day How do l configure wireless expansion modules on a XGS 136 firewall. Have done all the wireless settings on the firewall
  • PABX and SIP cant ping my sophos in

    I’m currently facing some connectivity challenges with my network setup. My PABX and SIP systems are working fine—they respond to ping requests, so they’re definitely online. However, I can’t seem to get any incoming connections from the PABX to my Sophos…
  • Zero Day Protection - Downloads & Attachments

    Hey guys, I have v21 installed and noticed a few entries under the Zero Day Attachments and Downloads. Some fantastic information in the reports and a bunch of screenshots of the documents / files and a desktop. Question: How is Sophos XGS taking…
  • SSL Remote Access VPN Bridge with directly connected router

    Hello, I have a situation where i need to assign IP addresses to SSL remote access VPN clients from a certain subnet (10.10.10.0/24), and bridge the connection with a router (10.10.10.1) connected to a DMZ interface. I understand that the firewall assigns…
  • rules

    1 Firewall 2024-10-26 14:10:51 Appliance Access Denied N/A 0 PortA1.10 10.10.1.3 10.10.1.255 137 …
  • Sophos Clientless SSL VPN RDP Bockmark

    Hi there, I am looking to configure a RDP Bockmark to allow our user to use the terminal servers on the road without using a VPN. Because of security reasons I want to use NLA, my question woud be is there any way to give the user the ability to change…
  • Firewall issue ping

    I recently add a new firewall for the branch office , so we have 2 firewalls one for the main office and one for the branch office, branch office can ping our ip's, but we from Main branch we can not ping any of their ip's, not even 1, it's really strange…
  • Rant - SSLVPN with Duo RADIUS Proxy Change after SFOS 20.0.0

    So, I wanted to post a bit of a rant here regarding an undocumented change to RADIUS authentication after SFOS 20.0.0 that has broken my DUO MFA implementation. For years I have had my users added from AD and I was able to pull multiple groups through…
  • Problem with URL Filtering

    Hello everyone!! I have a problem accessing a certain GitHub URL. For example, when I try to update Pi-hole the address objects.githubusercontent.com cannot be resolved: At first, I thought it was an issue with Pi-hole itself or with openDNS…
  • Sophos connect_2.3.2- installation issue.

    hi, i am trying to install SOPHOS connect but it is not being installed. detail is given below: Sophos connect_2.3.2-VPN.msi Microsoft Surface Laptop, 7th Edition Processor: Snapdragon(R) x 12 Core X1E80100 @ 3.40 GHz 3.42 GHz installed RAM: 16GB
  • HA

    Hi, we are using xgs3300 that is connected with Sophos central existing device is fully configured and in production we are planning to add one more device for ha. 1.if i will add one more device in ha the existing configuration backup i need to…
  • Site-To-Site Sophos <-> AWS VPC: BGP Issues

    Hi, we have a site-to-site tunnel from Sophos Firewall to AWS. Several local (sophos side) networks are appearing in AWS routing tables correctly. However, the SSL-VPN network will not appear in AWS routing tables. When I check bgp information…
  • XGS 136 rev2 Hardware Project Z136- 0.07 / 0.08 x64

    Just for my own curiosity, what is the difference between those two hardware models? Project Z136- 0.07 x64 Project Z136- 0.08 x64 faulty rma The faulty device has no network connectivity on Port 10,11,12
  • Site to Site VPN Authentication on reboots - Change PSK works

    I have multiple Sophos site to site VPN's back to a central router. Whenever any of the sites losing connection they all re-connect except for 1. The Sophos VPN logs show "Couldn't authenticate the local gateway. Check the authentication settings on both…
  • v21 Third Party Feeds

    Hey all With v21 accepting third party feeds I was hoping toi ingest the CTIS data from the ACSC but its in STIX format and the v21 only supports IoC one per line format. I have found a couple of IP Lists to pull threat data from to add. TorNodes…
  • Sophos SFOS v21 WAF

    Dear all, I have Installed the Sophos SFOS 21 on a VM on Hyper V, and I am facing Issues with the WAF. I have a internal WebServer where you can gain access over Port 8080, I want to know if it is possible to access the WEB-Server over Public…
  • Maximizing DLP using ONLY Sophos Firewall: Has anyone done it?

    Hey everyone, I'm aiming to achieve the highest possible standard of Data Loss Prevention (DLP) using only the Sophos Firewall, without integrating any additional systems or solutions. I don't have any specific requirements; my goal is simply to experiment…
  • Bloqueio conecxão App itau Desktop

    Olá Pessoal tudo bem? Me Chamo Marcos, estou fazendo a primeira implantaçao de um Firewall Sophos em um ambiente, o equipamento é um (XGS 107 Security Appliance). Fiz toda configuração inicial e ele ainda esta em modo padrão sem nenhum filtrou ou…
  • Firewall behind ISP Router

    Is there a way to check if the ISP router doesn't supports IKE2 causing IKE2 IPSEC tunnel to fail. A troubleshoot method or guide ? This is to proof to Service Providers that the problem lies in their end and not firewall.
  • AD SSO operations

    Hi, I’m struggling to find documentation about how Active Directory SSO operates (as opposed to how to set it up). The kind of questions I have are… Is the initial browser authentication transparent, or does the captive portal appear for login? …
  • XG firewall - Local ID for traffic

    Hello all, I currently have a XG firewall (FW-1), connected through IPSEC tunnel with another (FW-2). FW-1 has two LAN zones (LAN-A and LAN-B), both allowed through the IPSEC tunnel. FW-1 sends log messages (originated from the firewall itself…
  • ssl vpn query

    I have a question about SSL VPN auto connect. Can the user receive an automatic connection to the SSL VPN after restarting their computer and connecting to the internet?
  • Sophos Red 20 General Internet Access

    Hi, We have a RED 20 device that we recently purchased as a test device before looking to set multiple up across different sites, however we have found that our organisation's manual proxy blocks any internet access to anything not included in the proxy…
  • query related to sophos xgs wireless firewall.

    I have configured sophos xgs 107w firewall but i want to view users which are connected through wireless ssid