Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • What to do in failsafe mode

    I just had a very bad experience updating XGS126 from 19.0MR1 to 19.0MR3 to 20.0GA in active-passive HA. Node A Primary Node B Aux Update to 19.0MR3 seems to be fine. As Node B updated, restarted and became Primary and Node A updated and became Aux…
  • Forgotten Admin Password of auxilliary device (devices on HA)

    Hi all, xg330 on HA I had my HA mounted almost a year ago and I remember well that I wrote down the admin passwords for the primary and secondary device for my HA pair. Today, I just wanted to access the secondary to check a few points, but I discovered…
  • LoggingDaemon service dead or stopped

    I noticed that I had no logs on firewall and it was saying "loggindaemon dead". So I tried to restart the service with the command service garner:restart -ds nosync The resalts as shown below : XGS4300_AM02_SFOS 19.5.3 MR-3-Build652 HA-Primary#…
  • Sophos XG 125 load in failsafe mode.

    Hello, I have a problem with my firewall sophos XG 125 that loads in failsafe mode. When I write failsafe> show failure-reason I receive the following message: “Unable to apply Firewall Framework.” I have tried to reimage the firmware using SFLoader…
  • Successful login notification email

    I just setup my new firewall XGS2100 and coming from an SG210 I am noticing that there isnt a function in the web interface so that each time a successful login to the admin webinterface an email is sent Is there a way to do it somehow as there is only…
  • Redundant PSU with XGS136 - possible to check status from GUI/CLI ??

    Hi everyone, We have 2 power supplies on the XGS136. Is it possible to check their condition remotely? GUI/CLI would be possible. We don't have SNMT there. Thx
  • XGS136 on 18.5.1 MR-1-build326 upgrade path confusion to 19.5.4

    Came across a xgs136 on 18.5.1 mr-1build326: 19.5.4 MR4 and 20.0.0GA are listed as latest available. Went to this page to check upgrade path recommendations: https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=xg&versionID=19…
  • Sophos XGS 3100 SNMP V3 Trap not working

    Hello everyone we are currently testing the shipment of SNMP V3 traps. Unfortunately, we notice that new engine IDs are constantly being sent by Sophos. Sending the traps with V2C works fine. I've been testing all morning and looking at the trap receiver…
  • ips.log filling up disk

    We have XG210 with SFOS 19.5.4. I've noticed ips.log filling up /var partition till there is no free space on disk and it causes device to boot into fail-safe mode. Stopping IPS service stops log file from growing but when I restart IPS service, this…
  • Too many failed sign-in attempts - what is happening!?

    Hi all, I've been receiving this alert for a while now, let's say at least 2 years!!!, at varying frequencies. sometimes several times a day, sometimes a few times a month. when I check the hosts, I don't find anything in particular, sometimes it even…
  • Replacing expired certificate

    Is there a simple way to replace an expired certificate without having to manually replace it with a valid one in all WAF rules and other places where it is used?
  • upgrade firmware sophos xg 330

    Hi, I hope you're doing well I have a technical question about updating the company's central FW firmware (sophos xg 330) The current version of SFOS is: but The latest available firmware displayed on the console are: I think i can not download…
  • /dev/var getting full -> no space for logs

    Sophos XGS 3300 v20.0.0: - got the watermark message that the 80% report limit is reached /dev/var 179.7G 142.9G 36.8G 80% /var - when checking the content of /var 12.0K WING 20.0K archieve 235.2M avira4 7.5M certcache 8.9M common-password 1.7M conf 4…
  • backup config to FTP with custom port number

    Configuring Sophos Firewall to back up config file to FTP server. Settings page has a field for the FTP server IP, but there seems to be no way to specify the port number. My FTP server was using Port 21, and this worked fine, so I assume that Sophos…
  • HA interactive: "Peer administration IP" and "Interface IP address" must be in the same network

    I try to setup interactive HA on XGS 126 SFOS v20 I used to setup devices this way, now I must use the same IP range for HA and management? The HA Link should be /30 network with only the HA IP - why must the management IP be in the HA network? …
  • Certificate renewal fail

    Hi, Our certificate for the site expires today and we've tried uploading a new one and it's imported but it's listed as untrusted. It's an Alpha SSL certificate and our service provider gave us the .csr and .key file. We copied the contents of the…
  • XGS2300 admin page become white page

    XGS2300 admin page become white page, after creating a user with admin auditor profile. CLI (advanced shell)? You might need to use a SSH console. service tomcat:restart -d -s nosync service apache:restart -d -s nosync Thanks to this : Blank white…
  • Subscription renewal - expiry today - will it really apply the renewal license bought automatically?

    A XG license expires today. I have received the Renewal Certificate. Central Licensing and XG licensing show the subscription will expire today. Expiration date of current subscription is Feb 22. Renewal Start date is Feb 23. Looks like a…
  • https service in wan zone

    Dears, I have a two firewalls, main firewall and a secondary firewall, and there is a connection between them through a VPN, in the past, access to the remte firewall from the main headquarters was through the VPN port, but now, when I want to enable…
  • XG 230 to XGS 2300 migration

    Hi, We are upgrading from an XG 230 to an XGS 2300 and just want to check a couple of things. We will be exporting the configuration from the XG 230 and import into the XGS 2300, will aim to have both on the same firmware version when doing this…
  • [TUTO] Configurer Cloud Discovery avec Sophos XG

    Bonjour à tous, Après plusieurs jours de recherche, je n'ai trouvé aucune solution sur aucun forum. Je vais donc essayer de répondre à vos interrogations pour les futures personnes souhaitant configurer Sophos XG avec Microsoft Cloud Discovery. Étape…
  • Notification on Certificate expiration

    Hello, we have multiple environments of Sophos SG and XG Clusters. As we are not able to check every Cluster itself we automated a notification for WAF Certificate Expiration. On SG this is built-in but not so on the XG. I searched a little, and…
  • How to create a scheduled CSV report from XG125 FW?

    Dear all, Just having a problem creating a scheduled compliance report on my XG125 in a CSV format via email, Steps taken are as follows: Reports > Compliance > 'Show events' > 'System Events' in the table presented I filter by contains 'DHCP Server…
  • Sophos XGS 2100 cluster reboots itself

    Hello, in the last weeks our XGS2100 Firewall cluster rebooted itself a few times - and there's no real pattern. Without warning I receive this email: Dear Administrator, You are receiving this auto-generated message from Sophos Notification System…
  • SMTP defer on Sophos XGS 126

    Hello, I'm experiencing an issue where I cannot send email notifications from the Sophos XGS 126 router. The emails remain in the spool folder. from log files 2024-02-12 14:26:00.736Z [4965] 1xZrDX-8Lgj0V-JN == support@s***.si R=router_for_notifications…