Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Guest Network - XG port 8090 (IPS error messages) not accessible

    I have my network segmented and am using web filtering on our GUEST network to ensure that certain content is not accessible to visitors or my kids. I have Captive Portal enabled in Administration on my GUEST network, however; when a someone tries to…
  • Silently drop requests to denied URL categories?

    Hi, Is there is way in XG to silently drop requests to URLs in blocked categories (via the web filter or otherwise), rather than presenting the user the block message? I know I can block in firewall rules based on FQDN, and silently drop, but I would…
  • Sophos XG Website blocked

    Hello People, i have currently a problem with opening two Website. The Website is www.existenzgruender.de with the IP 46.254.122.16 From any other Client, without Firewall, the Website can be opend. We have the same Problem with www.nexxt…
  • Possible to apply "warn" action to an FQDN host group?

    Is it possible in the web filtering to apply a "warn" action with an FQDN host group as the activity? The specific situation I am thinking of is there is a website we want to configure as "warn", but then if the user chooses to proceed, then we need to…
  • Email blocked with web filtering

    We have a Sophos XG 310 , firmware v19.0.1 , The firewall is blocking emails, with web filtering, we have not configured any policy to block emails, Instead we configured a policy to allow outlook.com , office 365. but if we put web filtering on the firewall…
  • Web User Notifications Customization W/ Country Groups

    Hi we have been locking down the outgoing web requests to certain countries via Country groups via some default rules at the top of the chain of LAN-WAN rules . Occasionally we've had a user request for certain urls to be unblocked and use the exclusions…
  • SSL/TLS Inspection Issues

    Hello, i installed yesterday the firmware. After that i was faced with following issue: In SSL Inspection i habve 3 rules in the following order: 1. Exclusions by website 2. a rule with no decryption enabled from LAN with the Range of Smartphones…
  • i need to allow youtube for specific user in web policy we are using ip based policy.so please help me .

    Hi. i need to allow youtube for specific user in web policy we are using ip based policy.so please help me .
  • Google Meet Issues

    Hi All, Spent weeks with "support" to get Google Meet recordings to reliably work but haven't got anywhere, the final straw for me was after nearly 20 hours across multiple phone calls they asked me to reboot the firewall, despite a reboot being carried…
  • TLS packets not being passed on one link

    Hey there, We've got a weird issue with one application failing because it looks like the XG isn't forwarding the TLS packets appropriately on one link. A: XG135 (SFOS 19.0.1 MR-1-Build365) 10.109.10.250 B: XG330 (SFOS 19.0.1 MR-1-Build365…
  • HTTPS decryption exception for dropbox server

    Hello everyone, I´m trying to sync my local files using the dropbox app, but it looks like there´s an url that I have to add into the https decryption exception. Has someone the complet list of the url used by dropbox that doesn´t accept the https decryption…
  • Troubles syncing with the cloud servers

    Hello, I have a MacBook Pro device, and I'm having troubles to sync my local files with cloud servers, like iCloud, dropbox, OneDrive, Goodnotes. I don't know if it's something related to https decryption or something like that. Has someone an idea…
  • Sophos Firewall - How to manage multiple web exclusions over multiple firewalls

    Hello, I’m seeing that our Sophos XG firewalls are blocking M365 install and updates. What is the best way to push the M365 exceptions out to all firewalls? We currently have about 25 XG firewalls. I found the article Sophos Firewall: Configure web…
  • allow url access with port 8080

    Hi all, [xg sophos] i have user who need to access web server on internet so (LAN to WAN) Example: https://webserver.com:8080 How can i create allow this? There is firewall rule already in place wich allow group of users (the user included)…
  • Malware and Virus protection in Sophos XG

    Hi there, I discovered Sophos XG and am pleasantly surprised by the configurations that can be put in place to secure your network. A big thank you for the work done on this tool. Also, I managed to create my various firewall rules based on groups…
  • Website not opening after working before

    I have a client that was able to open a government website until just recently. Now when we try to open the site it comes back with err_connection_timed_out error. I checked the policies and ran a policy tester against the site and it is allowed. They…
  • Aufruf von Links in Google, die als "ANZEIGE" gekennzeichnet sind.

    Ich bekomme beim Aufruf von Links - die als Anzeige markiert sind - bei der Google-Suche einen Datenschutzfehler: Ihre Verbindung ist nicht privat. Angreifer versuchen möglicherweise Ihre Informationen von 192.168.100.254 zu stehlen (z. B. Kennwörter…
  • Wifi faster than ethernet

    Hi, Maybe someone can help me with issue I'm facing. I have fast internet connection (around 800 mbps download) and the thing is that I can't pass 20 MB/s when downloading software from Microsoft site using ethernet. When I switch to wireless I'm…
  • Same Websites blocked and allowed in wrong catagory

    Hi, We have setup network DLP before the firewall which is connected like, Endpoint >> L2Switch >> Network DLP (centos uses Proxy) >> Sophos Firewall. For Example website Web.workline.hr This website comes under the hrms category which is allowed…
  • Web Proxy vs DPI

    hi, if in firewall rule i use DPI instead of web proxy then if user configure proxy in his browser then that will also go through DPI or via web proxy??? please advise.
  • Create a schedule on a policy that allows a specific user to access certain website at a certain time.

    We blocked a website category but want a certain IP to have access to the category at a certain scheduled time. How can I achieve this?
  • Anyone know how to make exceptions for Splashtop?

    Hello, At work I have a situation that Sophos Support has been unable to resolve. We use Addigy as our RMM for Apple devices, to have remote connections it uses Splashtop. We have not able able to add sufficient exceptions or maybe I am doing…
  • XGS Firewall - Application Sync - SSL-Inspection - Rules?

    Hello Sophos Community, I got a Question about designing specific Rules for Applications that are very untransparent how they handle SSL Fingerprinting. Example: From: LAN Zone - From: Specific Host - With Application A (Application RULE 1) - To…
  • "Allow All" web filter policy blocks request allowed when there is no web filter policy

    Hi all I am having difficulty troubleshooting a problem with a request from a mobile phone 2-factor authentication app being blocked by our XG firewall (XG125 SFOS 19.0.0 GA-Build317). To test this, I have created a new top-most firewall rule for…
  • Invalid Traffic for NoSpamProxy/Cyren Antivirus

    Hello, we are using NoSpamProxy to filter spam/malicious emails and this software uses Cryen Antivirus to check the mail content. Every email triggers a webrequest to the Cyren Server ( 84.39.152.31 ) on Port 80 but these request are blocked by the…