
  • Can't establish HTTPS connection - INVALID_TRAFFIC

    Hi all, I've been struggling with an issue for a few days. I'm using SFOS 19.5.3 MR-3-Build652 and I can't establish a TLS connection between two hosts on different VLANs. I have a firewall rule that allows the hosts to communicate with each other, the first…
  • Rules to block access to the internet

    Good morning everyone. Does anyone know if it is possible to create a rule so that some devices cannot access the internet and can only access the company's internal network? I am thinking of identifying the devices by MAC and creating the rule so that…
  • Rule and Policies Order Best Practice

    Hello Friends, I am just using Sophos Firewall XG310 SFOS 19.5.3 MR-3. All I know is that the order of Rule and Policies positions affects how the Firewall treats traffic flow. Kindly need advice: if I have a set of rules as in the picture below, what is the…
  • Struggling to connect to CCTV system from the WAN

    Good Day, Could anyone assist me? I have created a VLAN for CCTV to separate it from the company network. Want to allow the CCTV to be connecting from the WAN Port from our ISP to use the Public IP so that we can monitor the CCTV remotely without VPN…
  • my network exposed

    Hello, today I tried to ipscan my network with a very large range to check my network. The result shows there are many ranges that I am not aware of and they are not in my network. I ping them and I was able to run some IPs in the browsers shows they…
  • 3CX Full Cone error

    Hi, I have an XG and I'm trying to get 3CX working correctly. I have NAT and firewall rules set, but when I run a test from 3CX I'm getting the full cone error. I can't see what I'm missing.
  • Firewall Rules - Why don't they default to "none" for the Rule Group.

    I appreciate the fact that Firewall Rules can be grouped, as this makes for more flexibility in the sorting and managing of rules versus not. However... the default option for firewall rules is "Automatic" which if you forget to change, jams it into the…
  • InactiveRpcError when using Sophos FW

    A few users in our network use Python & Java scripts to connect to some services on AWS. The scripts work fine when bypassing the Sophos FW or using mobile hotspots. But when using Sophos the users see errors like this in their terminals: Exception…
  • Unable to access company websites inside the local area network

    Good day, we are unable to access company websites inside the local area network. The websites are hosted outside our LAN. We can ping the public IP address for the websites. Traceroute to the public IP address of the websites is completing And…
  • Opening a port for a web app connecting to a database

    I have a web App opening with localhost:8443 and connecting to an SQL database in another server at port 1433. I have installed another DB in the same server where the WebApp is. When I try to connect to the database that is in the same VM as the WebApp…
  • Firewall block with reason Heartbeat but User and Computers have green HB

    We have a firewall rule allowing access to an internal server. Source and Destination HB must be green, also the rule has "Block clients with no heartbeat" enabled. The rule exists unchanged for years but recently we noticed users complaining that they…
  • Docker L3 network routing not working Sophos XG firewall

    Hello! I'd like to ask for your help, I've been using this great firewall for several years, but now I'm stuck. I have a small network at home in which I installed a docker host for testing purposes. I have found the best way to allow the docker containers…
  • Allow Port in Sophos Firewall

    Hi Everyone, I am new to Sophos firewall and I don't know much about this. Can anyone tell me how to allow the following ports in Sophos XG135 (C1B0Cxxxxxxxxxx) CLOUC uses the following Ports HTTP, HTTPS and 9443 for the web console 5060 and 5061 TCP…
  • VPN Firewall Rules - Match Known Users issue on Sophos XGS v19.5.2

    Hi, We have 2 types of IPsec and L2TP VPN users: one which has Intercept X on their systems and another which are normal users without Intercept X. Now we want to restrict users to access only from their specific machines. Like the users which have…
  • Cross VLAN communication

    First, thank you, 2nd, sorry ;-) I just got my XGS4500 setup, very basic default setups. We use Unifi switches, we are migrating from a Meraki. We have all our Wifi working, all the VLANs and whatnot - but our printers (for whatever reason…
  • XGS126 (SFOS 19.5.2 MR-2-Build624) Problems forwarding traffic

    Hello everyone, I joined the Sophos community, after having tried UTM9, I was delighted with its simplicity and functionality/security, so I decided to migrate my company's firewall system to XGS 136, I thought well if UTM is already good, this one should…
  • IP phones are not connecting

    Hi, IP Phones are connected to the firewall on WiFi VLAN, then redirected to the router via SIP trunk. SNAT is enabled to establish the VoIP service. My problem is, in the firewall rule, if we choose source devices using IP host group, it only connects…
  • xg / xgs - allow ip from specific asn number only

    I would like to allow IP addresses from a company such as Cloudflare. However, their IP addresses will be changing. I would like to allow their ASN number so that I don't need to keep track of their IP address changes. Is this possible?
  • Network firewall rule ignored

    Hi All, We have a network firewall rule setup to allow traffic to a WAN destination. However we can see in the logs that the traffic is getting blocked by the web filter component. We have a user network rule further down the list that allows access…
  • An allow firewall rule creating many denied logs, drppkt shows nothing

    I notice many firewall denied firewall logs created by a rule, that is an allow rule only. Even more strange is, that the port 1027 logged is not contained in the rule. Watching the traffic with drppkt shows no blocked packets. Tcpdump shows the…
  • Convert of firewall rule export

    Hi, is it somehow possible to convert FirewallRule XML export from XG or XGS to some readable form for example to Excel with all needed items like list of all used source, destination networks etc. We need to convert XML to some sort of table form for…
  • XG550 Cluster: Object ##ALL_IPSEC_RW not working anymore

    (We are using XG550 active passive cluster with firmware 19.0.2) Hi community, today I have a strange problem again. As SOPHOS told us not to use custom network objects for ipsec/sslvpn related firewall rules, I created a firewall ruleset based…
  • A little annoying bug in group management

    Hi, when you attempt to delete a group and it is in a firewall rule you are shown a message advising that the group exists in firewall rules or policies. If the group is in a SSL/TLS rule you are shown a message cannot be deleted, which is not very…
  • Problems with zones and firewall rules

    Hi, I am facing a problem with the LAN zone attached to multiple interfaces. FW: SFOS 19.5.2 MR-2-Build624 Setup: Port1: LAN (192.168.30.254/255.255.255.0) Port2: WAN Port3: LAN (192.168.32.254 /255.255.255.0) I've created the following test rule…
  • drop rule traffic not hit

    Hi, I am using sophos-xg210 firewall any traffic that is not matched existing rule that will hit drop rule