Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • XG550 (SFOS 19.0.0 GA-Build317) : problem with Web filter, RDP connection block after upgrade

    Hi, after upgrade from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317, without changes to the policy, we have a problem with connections in vpn ssl, RDP connections (tcp 3389) are blocked. T he logs indicate that RDP connections are blocked by…
  • XG FW - Some users have "Not Secure" notification in browser even though all sites are HTTPS

    XG FW - Some users have "Not Secure" notification even though all sites are HTTPS Users are authenticated and internet is working, however, no matter which site they go to it always says "Not Secure" "This site has a valid certificate, issued by…
  • Web Proxy vs DPI

    Hi Everyone, I finally moved our XG over to version 18 yesterday and no hiccups. My question is I am wanting to get SSL/TLS Inspection setup correctly for our environment and I noticed when I toggled of SSL/TLS inspection->ON, it must automatically…
  • How often does Sophos check the accuracy of the geoip database?

    DHi folks, I was investigating an unknown country ip address and found that it belongs to cloudflase in the US. Cloudflare being like AWS etc as a large supplier is cloud servers I would think that the geoip database should be easily updated. If the…
  • Why when blocking https does that stop access to the XG GUI?

    Hi folks, due to a little accident I added https to a drop firewall rule, that stopped the vpn from working and also all other devices using https on that network. I was connected to the GUI at the time and lost the connection. Why did the connection…
  • Parallels Access for Mac

    I've continued this post in "Looking at awarrenhttp_access.log for FQDNs" as I was having problems doing that, and through that post I found a domain that pointed me in the right direction, but is still ongoing in trying to fix the issue with Parallels…
  • Allowing Whatsapp Calls in Sophos XG

    Hi all. I'm running Sophos XG Home Edition ( SFOS 19.0.0 GA-Build317). Whatsapp Calls are being blocked, I have no Web Policy or Application Control being used by Firewall rule. Any services are allowed from LAN to WAN. Can't see that anything…
  • HTTPS-Scanning some Website-Certs unvalid (expired)

    have a strange problem here with an XG cluster. On 07.06.22 there was a problem with the onsite NTP service. After the failure, which lasted about 5 minutes, some websites such as google.com can no longer be accessed in a browser because the certificate…
  • Suggestions for how to enable SSL decryption to enable additional protection

    Hello, I would like to enable SSL decryption and I am hoping to have this rolled out before July. There is a mix of all kinds of devices: I think I handle certificate installation on most devices. I know I won't be able to do that on some devices…
  • Software Agenda und Sophos XG ich komme nicht weiter

    Hallo, ich versuche gerade die Software AGENDA upzudaten, aber leider sagt mir die Software: keine Verbindung zum Internet...ich habe aber Internetverbindung. Die Beschreibung in der Agenda Hilfe ist auch nicht wirklich aussagekräftig: hier mal der…
  • DPI issue with AnyDesk Software

    We're having an issue with anydesk beeing blocked in DPI due to invalid Certificates. Anydesk uses own certificates, not trusted anywhere but in their software. CN = AnyNet Root CA CN = AnyNet Relay Both seem to have the same fingerprint: 9e:08…
  • Websites load slowly or not at all without Web-Proxy

    Hello, we have the problem that in general all websites load slowly and many others do not load at all. We use version 19 (SFV4C6 / 19.0.0-B317) as VM in Hyper-V. Here are some examples of websites that cannot be accessed at all: https://icloud…
  • Lots of "Invalid Traffic" being dropped to Office 365 servers.

    Hey folks! I have a XG firewall on 18.5.2. For the last year or so, we have been having trouble with random users being prompted to put their Outlook password in for the desktop app. I have been chalking it up to Microsoft being eh. But this week it has…
  • Security Features > Web Filtering - Best practice for BYOD Devices

    Hi. I am looking for some advise around the best practise for Web Filtering for a BYOD network. We have a seperate network setup on our XG for residents who connect their own devices which are mainly mobile devices. We have a firewall rule crated…
  • XG Firewall DPI

    Hello everyone, I was trying to enable DPI feature inside of the existing rule, however Malware scanning section is missing in my case. Please see screenshots attached for comparison.
  • Sophos XG Firewall - GEO Blocking is equal to Webfiltering?!

    Hello Sophos-Community, I own a Sophos XGS 126 [ SFOS 18.5.2 MR-2-Build380 ] and am happy with it. After tinkering with a few settings, I found something odd and wanted to ask if this is intended? (SSL Inspection = ON - DPI Engine Active - Added Rule…
  • How to disable the Capture Code on USER Portal and add the Company Logo?

    Hello, how can i disable the Capture Code on the User Portal Site and add our Company Logo? Regards, Jan
  • Roblox not working if "Use web proxy instead of DPI engine" is active

    Hello to all.. Seems like roblox got me into a rabbit hole Since I don't want to confuse you with a lot of stuff, long story short: Roblox is not working if "Use web proxy instead of DPI engine" is active.. The roblox website is being accesed without…
  • Policy Quota not working with DPI

    Hello! I set a web category (Games) to be accessible only for 1 hour per day. I run a policy test and I get the correct result: If I go to the firewall rule that has this policy and check the option "Use web proxy instead of DPI engine", all seem…
  • Restrict login domains for MS365

    One method of tenant control in SaaS is to insert information on permitted domains into HTTP headers by proxies on the path. In Sophos XGS, the "Restrict login domains for Google Apps" setting in the Web Policy is considered to be applicable to this…
  • Block VPN Exntesion/Add-on On Chrome, Opera browser

    Hi guys, I've Sophos XG Home that block all Entertainment Web Browser. Problem is users use VPN add-on on Browser such as Hoxx VPN, Touch VPN, Ultrasurf,... so user still can access to Entertaintment site like "Youtube.com". I add application rule…
  • Adobe Creative Cloud updates failing with error 113 on XGS 87

    After I migrated from an XG85 to XGS87, I can no longer download Adobe Creative Cloud updates. I get error 113 which is a vague error that indicates the problem is on my end. My XGS87 is set up primarily with the defaults. I'm using XGS87 (SFOS 18.5.2…
  • "Securly" security provided by school conflicting with web proxy.

    I have an interesting problem, which I have solved but don't understand what is going on! I run Sophos XG Home SFOS 18.0.6 MR-6-Build655. My daughter has a laptop from school which runs an azure based cloud office setup, with a firewall/security app called…
  • Office 365 Exceptions

    Currently we have to create exceptions for Office 365 in the web filter by following the guide here: Sophos Firewall: Configure web exceptions for Office 365 It would be nice if the exceptions could auto-update the list of IP's and URLS from http:/…
  • GoogleDuo

    Unable to get Google's Duo chat app to function externally. I have all ports and services open to test it, and while it will connect, there is no audio or video. Ideas?