Hello, we have a VPN-tunnel from our XG330 (SFOS 20.0.2 MR-2) to Azure and want to host a web application in azure. The VPN Tunnel was done via the configuration file and is route based, with the xfrm interfaces being in the169.254.0.0/30 subnet…

I have my certificates in a folder and I'm looking for a script that will update them when there is a change so that waf will continue working without manual intervention. I have very little experience scripting, I can read and understand more or less…

Hi! Recently I want to configure a VIP with SSL termination on my Sophos Firewall 20 running as a VM. I have the SSL cert imported (+CA - there was no Let's encrypt E5 CA so I added it). I want to start from something really simple - Outside LAN to…

Hi, We purchased WAF License to publish Exchange OWA, HTTPS. What is the proper way to publish on-premise Exchange 2013 on XG Firewall? Thanks.

Trying to create a WAF rule and it's thowing an error " Service is already configured on the specified port, choose another port" I've checked all firewall rules, NAT rules, admin/user settings, SSLVPN and can't find this port being used anywhere. …

I'm experiencing with the API and Postman. We use a wildcard-certificate and I wants to update all WAF-Rules at once. Becuase the GUI-way ist very hard (every time set the certificate, all domains will be dropped and the domain from the certificate only…

Dear all, I have Installed the Sophos SFOS 21 on a VM on Hyper V, and I am facing Issues with the WAF. I have a internal WebServer where you can gain access over Port 8080, I want to know if it is possible to access the WEB-Server over Public…

Hi i want to ask the configuration of (WAF) regarding customer request to enable an additional port, specifically port 11883.HTTPS is currently enabled and functioning without issues. To accommodate the client’s request for port 11883, I have created…

Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…

Hi, we have added a web server behind the WAF in DMZ zone. LAN/WAN- we can access the web server through a public IP address. we have a backup server in the LAN zone. How to do backup Lan to Dmz zone using public IP or private IP of server…

Hi anyone can help me,currently i have implement WAF to my mailserver that have activesync,for now the waf rules listener port are 443 but how to allow any services like smtp/smtps/imap/ or pop3.im facing issue with slow login and cannot sent email out…

Hi Community Members, I hope this message finds you well. I am currently exploring the best practices for protecting web servers, particularly in scenarios where the firewall is not acting as the gateway, The XGS also acting a reversed Proxy.. Your…

Hi All, Sorry if this has been asked previously, I have combed through the forums and could not find a solution or direct discussion to this specific issue I am facing. We have signed up for the Sophos XG Firewall via the Azure marketplace image. I am…

When I go to edit the certificate and upload the certificate which is due for renewal ( every 13 months ), it fails with the following error at the top center of the screen: Certificate could not be updated as it is already used by HTTP Based Policy…

As with our current Sophos XGS Firewall Rules and Policies configurations, the Citrix Netscaler 2FA authentication is working. We started planning of using the Sophos XG Firewall Web Server Protection. The license required were purchased and registered…

Hi everyone, I am trying to find out if I can use the WAF rules to stop certain HTTP methods for connections to one of our web servers. I would like to try to only allow GET and POST and deny any of the others such as "DEBUG", "CONNECT", "PUT", "UPDATE…

Hello, need help for configurate Sophos XGS to protect Exchange OWA from brute force. S erver is behind DNAT

Dear Friends: I’ve been following this article because none of my reports were working. Sophos Firewall: No reports show After flushing the reports, it appears as though I never completed the configuration of my WAF certificates. So, I decided…

Hi, I have set up a new Web server protection rule following this guide. Everything works fine using port 80, but when I change the port to 1001, I get 503 Service Unavailable: Web server : IIS (Windows 11). Binding: Type: HTTP, IP address: all…

WAF rule not working for a website that hosted on internal IP in windows server 2012

With reference to below doc https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/WebServer/AuthenticationTemplates/index.html Is there any variable available to get client ip address? Example "client_ip…

Hello, we have also this problem and cannot send larger emails from mobile phones throuth our XG135 firewall. (ActiveSync) What are the steps to fix this problem? (1MB Limit) Thank you

Hello Sophos Community, We are migrating from a UTM 9 unit to a new Sophos Firewall unit and I've setup a WAF rule for two internal web servers. When setting up the firewall rule, I chose the Action dropdown option of "Protect with web server protection…

Hi all, I'm looking for a bit of hand holding and guidance here. What I am trying to do is allow access to internal containers hosting multiple websites and applications. I have a fresh Sophos Setup with no special custom rules or anything yet. I have…

Gday Needed to forward 25 ports to a webserver using WAF. I can't for the life of me work out how to enter in more than one port to either. Surely I don't need to create 25 webserver and 25 WAF rules? Anyone done this before?