Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Certificate Office365

    I have a problem with Sophos XG and Office365. some computers pop up a warning like the following when opening Ms. Outlook.
  • Sophos v19 - Web Proxy or DPI-SSL web filtering & DNS requests

    Hi, I have a question about Web content filtering using either Web proxy or DPI-SSL and DNS requests/resolution. I have Sophos firewall set up in bridge mode with Netgear router as the gateway and for DNS. The Netgear router handles DHCP and DNS…
  • DPI / TLS Scanning exception issue with d1. d2 d3.sophosupd.com when installing Intercept-X for Mac

    Hi, today we're facing something new: issues when rolling out the Sophos Endpoint to Mac Books. Windows Endpoints: no problem. They fail to install. Workarounds like https://support.sophos.com/support/s/article/KB-000044045?language=en_US were unsuccessful…
  • How to block Tiktok App

    Hi I'am unable to block Tiktok application and can't even find it in application control. Please help... Thanks...
  • TLS handshake fatal alert: certificate unknown(46).

    Hi, I am seeing these errors in the log for some websites which tend to utilise tracking information, particularly those which utilise a CNAME record to point to another address. For example, the website t.myrenews.com.au is a CNAME that resolves…
  • PDF generate from our web server behind firewall alwasy blocked

    i have server that run code javascript or something that generate pdf file for download or view but alwasy faild or error my server using local addres nat behind the sophos xg. What shoud i have to do to white list this action
  • Internet pages suddenly no longer work 502

    Hello, since today suddenly several internet pages do not work anymore. The browser gives the error message: HTTP ERROR 502 The page is e.g. https://www.ista.com/de/ Firewall is a XG115w (SFOS 19.0.0 GA-Build317 Do you have a solution? Thanks…
  • SEC_ERROR_EXPIRED_CERTIFICATE for web proxied sites

    Hello, I am a home user of the Sophos XG firewall - SFVH (SFOS 19.0.0 GA-Build317) - and use it to proxy specific sites... one of those things I proxy is google and youtube. Recently, it seems that the certificates that my appliance creates have expired…
  • XG550 (SFOS 19.0.0 GA-Build317) : problem with Web filter, RDP connection block after upgrade

    Hi, after upgrade from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317, without changes to the policy, we have a problem with connections in vpn ssl, RDP connections (tcp 3389) are blocked. T he logs indicate that RDP connections are blocked by…
  • XG FW - Some users have "Not Secure" notification in browser even though all sites are HTTPS

    XG FW - Some users have "Not Secure" notification even though all sites are HTTPS Users are authenticated and internet is working, however, no matter which site they go to it always says "Not Secure" "This site has a valid certificate, issued by…
  • Web Proxy vs DPI

    Hi Everyone, I finally moved our XG over to version 18 yesterday and no hiccups. My question is I am wanting to get SSL/TLS Inspection setup correctly for our environment and I noticed when I toggled of SSL/TLS inspection->ON, it must automatically…
  • How often does Sophos check the accuracy of the geoip database?

    DHi folks, I was investigating an unknown country ip address and found that it belongs to cloudflase in the US. Cloudflare being like AWS etc as a large supplier is cloud servers I would think that the geoip database should be easily updated. If the…
  • Why when blocking https does that stop access to the XG GUI?

    Hi folks, due to a little accident I added https to a drop firewall rule, that stopped the vpn from working and also all other devices using https on that network. I was connected to the GUI at the time and lost the connection. Why did the connection…
  • Parallels Access for Mac

    I've continued this post in "Looking at awarrenhttp_access.log for FQDNs" as I was having problems doing that, and through that post I found a domain that pointed me in the right direction, but is still ongoing in trying to fix the issue with Parallels…
  • Allowing Whatsapp Calls in Sophos XG

    Hi all. I'm running Sophos XG Home Edition ( SFOS 19.0.0 GA-Build317). Whatsapp Calls are being blocked, I have no Web Policy or Application Control being used by Firewall rule. Any services are allowed from LAN to WAN. Can't see that anything…
  • HTTPS-Scanning some Website-Certs unvalid (expired)

    have a strange problem here with an XG cluster. On 07.06.22 there was a problem with the onsite NTP service. After the failure, which lasted about 5 minutes, some websites such as google.com can no longer be accessed in a browser because the certificate…
  • Suggestions for how to enable SSL decryption to enable additional protection

    Hello, I would like to enable SSL decryption and I am hoping to have this rolled out before July. There is a mix of all kinds of devices: I think I handle certificate installation on most devices. I know I won't be able to do that on some devices…
  • Software Agenda und Sophos XG ich komme nicht weiter

    Hallo, ich versuche gerade die Software AGENDA upzudaten, aber leider sagt mir die Software: keine Verbindung zum Internet...ich habe aber Internetverbindung. Die Beschreibung in der Agenda Hilfe ist auch nicht wirklich aussagekräftig: hier mal der…
  • DPI issue with AnyDesk Software

    We're having an issue with anydesk beeing blocked in DPI due to invalid Certificates. Anydesk uses own certificates, not trusted anywhere but in their software. CN = AnyNet Root CA CN = AnyNet Relay Both seem to have the same fingerprint: 9e:08…
  • Websites load slowly or not at all without Web-Proxy

    Hello, we have the problem that in general all websites load slowly and many others do not load at all. We use version 19 (SFV4C6 / 19.0.0-B317) as VM in Hyper-V. Here are some examples of websites that cannot be accessed at all: https://icloud…
  • Lots of "Invalid Traffic" being dropped to Office 365 servers.

    Hey folks! I have a XG firewall on 18.5.2. For the last year or so, we have been having trouble with random users being prompted to put their Outlook password in for the desktop app. I have been chalking it up to Microsoft being eh. But this week it has…
  • Security Features > Web Filtering - Best practice for BYOD Devices

    Hi. I am looking for some advise around the best practise for Web Filtering for a BYOD network. We have a seperate network setup on our XG for residents who connect their own devices which are mainly mobile devices. We have a firewall rule crated…
  • XG Firewall DPI

    Hello everyone, I was trying to enable DPI feature inside of the existing rule, however Malware scanning section is missing in my case. Please see screenshots attached for comparison.
  • Sophos XG Firewall - GEO Blocking is equal to Webfiltering?!

    Hello Sophos-Community, I own a Sophos XGS 126 [ SFOS 18.5.2 MR-2-Build380 ] and am happy with it. After tinkering with a few settings, I found something odd and wanted to ask if this is intended? (SSL Inspection = ON - DPI Engine Active - Added Rule…
  • How to disable the Capture Code on USER Portal and add the Company Logo?

    Hello, how can i disable the Capture Code on the User Portal Site and add our Company Logo? Regards, Jan