Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • How to disable the Capture Code on USER Portal and add the Company Logo?

    Hello, how can i disable the Capture Code on the User Portal Site and add our Company Logo? Regards, Jan
  • Roblox not working if "Use web proxy instead of DPI engine" is active

    Hello to all.. Seems like roblox got me into a rabbit hole Since I don't want to confuse you with a lot of stuff, long story short: Roblox is not working if "Use web proxy instead of DPI engine" is active.. The roblox website is being accesed without…
  • Policy Quota not working with DPI

    Hello! I set a web category (Games) to be accessible only for 1 hour per day. I run a policy test and I get the correct result: If I go to the firewall rule that has this policy and check the option "Use web proxy instead of DPI engine", all seem…
  • Restrict login domains for MS365

    One method of tenant control in SaaS is to insert information on permitted domains into HTTP headers by proxies on the path. In Sophos XGS, the "Restrict login domains for Google Apps" setting in the Web Policy is considered to be applicable to this…
  • Apply time quota for a specific category

    Hello guys! As per the subject, I want to implement a time quota of 90 minutes per day for games for my kids computers. To elaborate a bit, I have a Kids policy created. There are some allowed categories there, some others are blocked. The policy…
  • Block VPN Exntesion/Add-on On Chrome, Opera browser

    Hi guys, I've Sophos XG Home that block all Entertainment Web Browser. Problem is users use VPN add-on on Browser such as Hoxx VPN, Touch VPN, Ultrasurf,... so user still can access to Entertaintment site like "Youtube.com". I add application rule…
  • Adobe Creative Cloud updates failing with error 113 on XGS 87

    After I migrated from an XG85 to XGS87, I can no longer download Adobe Creative Cloud updates. I get error 113 which is a vague error that indicates the problem is on my end. My XGS87 is set up primarily with the defaults. I'm using XGS87 (SFOS 18.5.2…
  • "Securly" security provided by school conflicting with web proxy.

    I have an interesting problem, which I have solved but don't understand what is going on! I run Sophos XG Home SFOS 18.0.6 MR-6-Build655. My daughter has a laptop from school which runs an azure based cloud office setup, with a firewall/security app called…
  • Office 365 Exceptions

    Currently we have to create exceptions for Office 365 in the web filter by following the guide here: Sophos Firewall: Configure web exceptions for Office 365 It would be nice if the exceptions could auto-update the list of IP's and URLS from http:/…
  • GoogleDuo

    Unable to get Google's Duo chat app to function externally. I have all ports and services open to test it, and while it will connect, there is no audio or video. Ideas?
  • web policy override block page not displaying

    Client requirement: -blocking all unprofitable websites and app -web policy override configuration for specific users eg lectures and administration department Problem: -after blocking the websites requested and tested this page comes up …
  • Dropped due to TLS engine error: FLOW_TIMEOUT[5]

    I appreciate that other people have raised this issue before, but I am having problems with a specific IOT device trying to send a data packet to the cloud. This particular device (which reports the salt quantity in a water softener) causes the following…
  • Webpage HTML Inspection using DPI

    Hello, Is there a way to block a sites having a specific string in the HTML they render in a page when DPI is enabled? I know this is possible already on anything in the Url of a site, but what about the contents of a page? (within the HTML) Thanks…
  • Filtering Games by Rating

    Is there any way to filter games (XBox, PS etc) by their rating with the XG Firewall and the UTM Firewall? I know this can be done done with parental controls on the game consoles but canit be done with the firewall?
  • Scanning Emails - Invalid Certificate

    I am trying to scan inbound emails that are fetched by Thunderbird, the iOS mail client, and the Gmail Android app. Sending and receiving seems to work, however, copying to the sent folder does not, unless I accept invalid certificates under the POP/IMAP…
  • SSL traffic over NON-SSL ports

    Hello, I have an online portal from one of our partners which uses port 5443. The traffic to this site is being denied by application filter on account of "SSL Traffic over Non SSL Ports" Allowing this specific application under the category…
  • SSL\TLS Inspection

    Good Day All, I need some advice regarding SSL\TLS inspection. I have decided to open\allow access to Reddit. With the appliance certificate installed one is able to browse to Reddit and all subreddits with no issues from what I can see. However…
  • XG FIREWALL + STAS + WEB DPI Protection

    Hello, we have 2 Sophos XG Firewall 430 in active-active HA mode. And I've configured some firewall rules to allow users in some AD groups to navigate. Ex.: I create a firewall rule for each AD group and create a specific WEB Policy for this AD group…
  • DPI on port 80/443 category lookup as unknown

    Hello, I'm currently using SFOS 18.5.2 MR-2-Build380 I noticed the same thing in SFOS 18.5.1 MR-1-Build326 When using the new DPI engine (with or without decryption does not matter) I also see this on multiple devices with different OS (Windows, IOS,…
  • Microsoft ClickOnce download fails

    Hi, When downloading this: http:// plan.getsmartday.com (Needs to be done from Edge) The installer starts but get's cancelled during the download. I have tested on 3 sites all with Sophos Firewall 18.5.1, 18.5.2 and 19.0.0, all the same, disabled…
  • SSL/TLS Inspection is blocking Veeam Backup Agent

    Hi, until last week i've used only the web proxy funcionality. Now i've configured the SSL/TLS Inspection and have a strange behavior. The Veeam Backup and Replication Server (Backup03 - in Backup-LAN) can backup the ESX-Server in LAN. But the Veeam…
  • SSL/TLS inspection

    Hi All I am facing a strange error whereby there are no logs in the SSL/TLS inspection even though it SSL inspection is enabled and sophos is MiM the tls traffic. SSL Traffic is sucesfully decrypted on the end client using a custom CA. Logging in enabled…
  • www.sophos.com - DPI Error: Server did not respond to client hello

    I would not expect this on a Sophos machine: 2021-11-25 16:32:12SSL/TLS inspectionmessageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="me" src_ip="xxxxxxxx" dst_ip="23.36.239.66" user_group="xxxxxx…
  • problem in allow google translate only for users rule

    Dear All, I have a problem in make users use google translate after block all network traffic and the rule as below
  • Web Proxy vs. DPI = partially slow vs. malfunctioning

    Hello all, first of all our config: XG210 HA (SFOS 18.5.1 MR-1 build326). We currently have the following problem: Web Proxy off, DPI on: good performance, no noticeable limitations except for one application. The application is called WRIKE and is…