
  • Internal Webserver through VPN

    Hello Everyone. I have a Sophos XG firewall with several Web Servers protected through WAF. Everything works fine. But I need to do a specific configuration: I have to block a specific path so that it can be accessed only through an IP address (that…
  • Does Web server protection (WAF) support HTTP/2?

    Hi On a Sophos XG with "Web server protection," we host a website (WAF). Now that http/2 is available, our contractor wants to make adjustments to our website. He inquired about the WAF's support for http/2 and whether that was OK. Only the fact…
  • WAF - Web Server protection and HSTS

    Hi I have a new ADFS 2019 system behind a WAF on XG. The external tests keep telling me it has Strict Transport Security (HSTS) off. Is there a setting on the XG that affects this when putting a local server behind the WAF or have I missed something…
  • Does Web server protection (WAF) support HTTP/2

    Hi We're hosting a Website behind the "Web server protection" (WAF) on a Sophos XG. Now our contractor is planning to update our website to use http/2. He asked if that is ok and whether the WAF supports http/2. I only found information about Sophos…
  • Protection Policies - "Save" Button not Working

    Hello all. I'm trying to add a new "Protection Policy". When I fill in everything and press "Save"... nothing happens. I think the "Save" button goes from a dark blue to a lighter blue, but nothing saves, no messages, no refreshes, nothing. No feedback…
  • Webserver Protection Exchange Cluster

    Hello, I'm having some trouble with the webserver protection for an Exchange 2016 Cluster. We're running a brand new XGS3300 firewall cluster in our datacenter with 10 Gig internet connection. I've configured only IPS rules for the Exchange Webserver…
  • Sophos XG: Cannot change WAF Certificate

    Hi there Last week, my wildcard certificate expired. No biggie. Got a new one, imported it into the firewall, everything ok. When I selected the new certificate in my WAF rules, I was able to save this configuration and expected the firewall to use…
  • Redirection

    Hello everyone, is Sophos WAF okay with redirecting http://wwww:aaa to https://wwww:aaa ? It seems to be okay with default http and https ports, but not working with non-default ports
  • Sophos XG & Exchange 2019 - WAF not working - URL hardening

    Hi, I'm looking for some help to overcome a problem with Exchange 2019 and WAF with static URL hardening. I use this popular documentation here: https://www.frankysweb.de/sophos-xg-18-webserver-protection-und-exchange-2019/ and it did not work as…
  • Access webserver from LAN / SSL VPN at public ip behind WAF

    Hello all, we are using a XGS 2100 with os19. Simple network. WAN. LAN. DMZ and SSL VPN. Configured a webserver with WAF rule located in the DMZ. So far works fine from external users accessing the webserver on its public ip. The clients in…
  • Apple Mail and issues with ActiveSync - NC-62805

    Hi, We are having some issues with sending mails from Apple devices using Apple mail - it seems to be related to NC-62805 https://community.sophos.com/sophos-xg-firewall/f/discussions/127826/sophos-xg-18-0-3-active-sync-email-problem https://community…
  • access https

    Hi, I have two servers using https, a mail server and a web server. When I want to access the web server from outside, it always loads the mail server, and when I change the port to 80 it works, but I want to use https for the web server. Please, any help? I have Sophos…
  • General WAF understanding

    Hi guys I have a general and maybe basic WAF / reverse proxy question: I do use some resources from WAN-side by setting up a "simple" Firewall and DNAT rule to port-forward these resources. Clients that match the firewall rule have access by calling…
  • Web Server Protection (WAF) with certificate based authentication

    Hello We're trying to use a Webserver behind web server protection (Sophos XG) where clients have to authenticate themselves with a certificate. We're able to reach the Website and we can authenticate with username and Password. But, however, our clients…
  • Website protection

    Hi, my website got some serious attacks from different locations. Can I secure my website with Sophos Firewall? My site url is https://www.autoreinigung-noack.de/ . Any help will be appreciated
  • WAF anomaly

    Hello everyone. I have enabled a WAF protection policy on my website. And now I have some WAF anomaly. Problem is I can't find the reason of the anomaly. Here is the log that I have in the log viewer : 2022-06-18 12:00:41Web server protectionmessageid…
  • WAF Anomaly Score 15

    Hi to all, We have configured WAF for WEB Protection Rule but when an operator tries to upload news content on web upload the Sophos XG denies uploading the news content to be published, see the denied log. /Media/InsertContent/11224 WAF…
  • Solution: Sophos Firewall WAF E-Mail Stuck because attachment size

    Hello Community, we had the problem with the WAF of our firewall. We can't send mail with an attachment size over 1MB. My colleague Denis Neugebauer found a solution in some other forums. Here is the solution (in German -> use DeepL.com): # Vorwort…
  • Sophos XG API / Lets Encrypt / PowerShell 7 / WAF Update

    Hopefully this can help others. I'm running the home licensed version and just recently moved to v19. I have a few WAFs that are configured externally; this script is to do the following. Renew multiple certificates that are already configured…
  • Exchange / WAF - OWA, ActiveSync 1MB File Limit - SFOS 19 GA

    I'm getting following error in WAF-log: ModSecurity: Request body no files data length is larger than the configured limit (1048576) Is there a new switch in gui or command line to increase 1 MB limit in V19? There were forum posts some years and…
  • WAF issue

    Hello everyone, I have a problem with my WAF rules. It no longer works, the problem happened all of a sudden without me changing anything on my configuration. Only forward port rules work correctly. I have already rebooted my router. I even deleted…
  • WAF access via B2B (with NAT) not working

    Discovered a scenario that I can't get working in Azure, which seems like a limitation on the XG. We set up a policy-based VPN to one of our customers which needs to access one of our web-apps. The customer requires that RFC-1918 is not used in VPN traffic…
  • How to fix error: "Following domain(s) will not be covered by selected HTTPS certificate."

    I am trying to get my ActiveSync setup to work across my Sophos XG 18.5.3 MR-3 install. I follow the recipe found at https://support.sophos.com/support/s/article/KB-000040209?language=en_US When I try to save the firewall rule mentioned towards the…
  • Websocket request not passing through WAF HTTPS traffic

    We have a web server that sends websocket requests when being accessed. We are able to make it work through HTTP traffic, but when we got an SSL certificate to make it HTTPS, the websocket requests fail. I have tried using Path-Specific Routing to…
  • WAF Rewrite HTML option disables javascript

    Hello guys. I am using waf and I noticed that when Rewrite HTML is checked javascript is not loading. For example I have a phpsysinfo script running. When I access it, while it is supposed to use bootstrap to display the page, it redirects me to the…