Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • HA Configuration Correct port must be monitored LAN port 1

    Whenever my LAN port switch restart my both the HA firewall restart why it happen
  • Sophos XG and FIPS Compliancy

    Is there a plan for making a firmware revision FIPS compliant?
  • Awed service not running - Show failure-reason - Failed to start awed Service

    I am having some issues getting on the IP or from Sophos Central on the Sophos XG106 - running 19.5.2 MR-2 - build624. Putty shows these: Awed service not running - Show failure-reason - Failed to start awed Service Service -S shows this: Service…
  • SSL-VPN disconnect reason

    Hi! I can use Reports function to discover, for example, how many ssl-vpn accesses a user did yesterday. Is there a way to know if the disconnection, related to these accesses, occured due to timeout reason (set on 15 minuts for default)? Thanks for support…
  • Restore through CLI? possible?

    Restore through CLI? possible? I can see the backup at Var\conf\backupdata\ I am unable to get access through web - at IP and through sophos central.
  • @Admin user login failed while login to web GUI

    Hello Stalwarts, I am trying to login on web GUI portal @admin user but it is getting failed, I have reset the password Using console cable but the error is same when i try to access SSH it's working fine. How to find what is is the issue ? Thanks…
  • SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795

    in recent scanning, we received "SSH Terrapin Prefix Truncation Weakness (CVE-2023-48795)" vulnerability on port 22. just use this command in nmap "nmap -sV -p 22 --script ssh2-enum-algos 192.168.xxx.xxx" if it shows "chacha20-poly1305@openssh.com…
  • Can we configure PPPOE Internet connection on active passive HA firewall

    According to this article we can configure PPPOE on active passive but it is not working docs.sophos.com/.../index.html
  • License Count

    If license purchase 10 in portal but if 10 license full then we allowed to license for free once install the Sophos app.
  • Log viewer suggestion

    I have a suggestion for the Sophos Firewall. I would like to have a switch where I can hide entries that are empty or have a 0. Example: messageid="00002" log_type="Firewall" log_component="Firewall Rule" log_subtype="Denied" status="Deny" con_duration…
  • CA WebConsole not secure / https

    Dear collegues! When we access the Webconsole through the internal network https://xxx.xxx.xxx.xxx:port, the browser recognizes the certificate for https access as not secure. We are using the default Sophos certificate. How should I fix this problem…
  • Firewall HA, Active -Active Setup

    A firewall is configured in HA, Active-Active mode, can it cater double the size of users it is designed for? Ex. XGS3100 (2nos) configured in HA, Active-Active load balancing mode. Can it Cater 1000 concurrent users?
  • What's Not Included in an SFOS Restore?

    Before I completely decommission a bunch of XG firewalls, what is still sitting on these old firewalls that wasn't transferred in a backup/restore to newer XGS hardware? Hoping someone has some info they can share to save me a few hours in working it…
  • branch office VPN on brand new firewall

    Hello, this is not question. Just one experience which surprised me. I got new firewall for customer which used XG platform. Made migration of configuration and due to terms of old licence I was in hurry with implementation. I noticed that new firewall…
  • What does the file in "16386" /var/newdb/base/ actually do?

    Hi all, Just a quick question before I use the technical support for this one, hopefully somebody knows and can help me with this. We have been notified by our firewall, which is a Sophos XGS6500, that it's report disk is almost full. We check this…
  • API-Import not working with Error "Action with NOFAIL Failed."

    Hello everyone, so I created a Powershell Script to get the M365 Endpoint URLs and IP-Ranges to Import them as an Object into the Firewall. But when I try to Import it it only throws an Error that the file format is not supported. Here is the Output…
  • Can't Upgrade from 19.5.3 to 19.5.4

    Howdy, Before I engage in the time consuming and soul sucking experience of contacting Support, does anyone know why I'm getting the following when trying to upgrade 19.5.3 to 19.5.4 either though Download/Install via the Firmware page, or uploading…
  • How simulate crashes on HA to validate?

    Hi Folks I've noticed several similar issues with HA Sophos Firewall on some end customers. We use Active-Passive HA. When primary firewall crashes for some unknown reason (I'll check more information to understand at community.sophos.com/.../finding…
  • Is possible to enable FTP and email backup at the same time?

    Hi!. It's possible this? All my firewalls have email scheduled backup. But now, I want to enable FTP without disabling email. On the other hand, I have read this post and think it's an important feature for FTP backups. Thanks.
  • Update Certificates via API: Did I get it right?

    In 2018, Sophos integrated Let's Encrypt with their UTM series, leaving XG(S) users anticipating a similar feature. Many, including us, have turned to API solutions due to the lack of progress which is fine. However, the XG API feels less refined compared…
  • XG230: "snmpwalk" utility reaches the device via SNMP v2 but not via SNMP v3

    i enabled SNMP v2 agent on Sophos XG230 and successfully tested it from a remote server: snmpwalk -v2c -c mycstring 172.16.0.1 1.3.6.1.6.3.10.2.1.1.0 iso.3.6.1.6.3.10.2.1.1.0 = Hex-STRING: xxx then i enabled SNMP v3 (authentication only, no encryption…
  • Where do i find SNMP Engine ID??

    I have: XG230 (SFOS 19.5.3 MR-3-Build652) XG125 (SFOS 19.5.2 MR-2-Build624) I searched in: CONFIGURE - System services (all available tabs there) SYSTEM - Administration (all available tabs there) google searche returns NOTHING or USELESS…
  • VPN Portal and Login Security

    After upgrading to SFOS 20.0.0 GA i activated the new VPN portal. We use only SSLVPN. If SSLVPN is running on port 443 and the VPN Portal on port 444 (or any other), the authentication log displays the correct SRC IP. This allows "Login Security" to…
  • Unusual incorrect login attempt in the Admin Portal

    Hello, we have got a notification from the xg that a login was attempted for the admin portal. The admin portal is inaccessible from the internet. Message: The administrative access from IP Address '84.19.xxx.xxx' is blocked for '5'…
  • Sophos firewall backup issue.

    Sophos Firewall backup issue when we are trying to take backup from firewall it is prompting an error message "Backup could not be sent due to incorrect server configuration". We have rebooted the firewall multiple times then it is working fine also,…