Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • automatically renew Let's encrypt SSL-certificates on XG using PowerShell

    I spent a few hours on this, so maybe my result helps someone in a similar situation. In my home-lab I'm running a KEMP ADC that publishes all my SSL-Services. Since KEMP does not support Let's encrypt out of the box but offers a PowerShell module for…
  • XG web proxy modifies certificate start and end date

    Hello, is it expected bahaviour that the XG is adding several months to the certificate of a website when doing HTTPS decrpytion and inspection? We noticed this today and were confused. If this is "works as designed" - What is the purpose of doing…
  • Certificate Authentication for a Specific Website

    Hi, We are using an XG firewall to allow remote workers to sign in via the VPN to the office network. From the office network they can access the company intranet which is locked down to the office IP address. If possible what we'd like to do is issue…
  • Captive Portal not using the right certificate after upgrade to SFOS 18

    Hi there, We noticed that after upgrading to SFOS 18, Sophos XG is not using the correct SSL Certificate for the captive portal. As you can see we have it set in the Admin settings on the device: And it's being used on all services, but the Captive…
  • Need API support for SSL certificate download from XG Firewall potal -> System -> Certificates

    We are in need of REST API support for the below operations in the sophos XG firewall portal. 1. Download/upload certificates and private key in the sophos XG firewall portal (admin portal) -> System -> Certificates inventory. 2. Generate CSR. …
  • Why do I get Certificate Errors on Blocked Categories on XG v18?

    Greetings, I'm using a self-signed cert for user portal login and admin logins generated by using the devices IP address. When I log into those sites, the certificate passes through fine. When end-users hit a site which is in a blocked category, the…
  • Imported certificates not listing in Business Application Rule (BAR)

    I recently performed a factor reset on my XG 85 to resolve an issue with the WAF service causing the BAR firewall rules to hang. Now when I create a new BAR (Exchange General specifically), the certificates that I imported do not appear in the HTTPS Certificate…
  • Web Policy Alert no working at all (certificate error)

    Hi friends, Im trying to set an alert to show to the user "go to this site is not the best but, you can go, clic on continue" or something like, but instead of that it only shows a NET::ERR_CERT_AUTHORITY_INVALID on chrome. Does anybody know if i can…
  • SSL certificate for Sophos User Portal

    I have successfully installed a p12 certificate on the Sophos firewall. I followed this guide: https://www.leibling.de/sophos-xg-eigenes-oeffentliches-zertifikat-verwenden/ Looks like i can't activate the new certificate under Administration->Admin…
  • how to connect to my appliance securley

    hey guys, when i connect to my sophos appliance, i have this red bat (using https): i'v tried and failed to make this a "green" bar. i tried to load the certificate to the root ca container. maybe im missing something, but can you guys…
  • Upload Certificate using API

    Hi folks, I've started having a play around with XG. I have a PowerShell script for generating a new Let's Encrypt certificate and updating my various components that use it, and wanted to integrate this with XG Home. It looks like the obvious way…
  • Security Heartbeat stopped working in 17.0.6 MR-6

    Hi, I'm Facing a problem with Heartbeat its stopped suddenly and the counter showing 0 and there is no logs at all when I checked the logs I found there is a certificate issue so please anyone face the same problem and how do I fix it, I have opened…
  • IPSec Tunnel with Certificates

    Hey there! I do have a little problem with the IPsec configuration of Sophos XG. I have been trying to do the same thing with Sophos UTM, but never got it working. I basically need a Remote Access IPsec VPN with authentication via certificates (no pre…
  • Certificate Error: The security certificate was issued by a Company you chose not to trust

    I recently installed Sophos XG 125/ w125 on our network. After installation I have been receiving the “Certificated is not valid” error when trying to open the outlook application. I am using Exchange 2010 and previously when I was using TMG I did not…
  • Decrypt & Scan HTTPS

    Hello all, I've been messing around with the certificate distribution using GPO. After create the default domain policy, adding the cert and force the gpo update I got the cert installed on my browsers (Firefox and Chrome) but I'm still getting the…
  • #7779325 - SSL Certificates for User Portal

    Hi All, Hope all of you are doing well. I am just trying to secure my user portal by assigning a url and applying a SSL Wildcard Certificate on the Sophos XG 330. I was able to convert the PFX and private key that the RAPID SSL gave me and applied…
  • Set-up issues

    I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days. I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115. I had configured UTM9 on my own…
  • Certificate error on sharepoint

    I received sophos certificate error when try to save a file on sharepoint. screen shot is attached. please someone help me out. Thanks
  • Sophos XG home Web GUI access - SSL/certificate issues under OS X 10.13

    Dear All I recently upgraded my MacBooks to OS X 10.13. Since I do not connect to my XG every day (or even week), I am not absolutely sure, if the issues at hand are related to OS X 10.13. Safari now reports: This connection is not private The Sophos_CA_…
  • Privacy Error - Chrome v60

    I was not getting these issues until Chrome updated to version 60. It seems that it now requires a S.A.N. to be set. Will this be addressed in the next firmware update? Is there anything I can do to stop getting these warnings? In trying to sort…
  • Certificate Startcom

    Hi, I created a free StartSSL certificate and I succesfully uploaded it in the Sophos XG. I did the same for the CA, but still my certificate is untrusted by my XG. I think I got the wrong CA but im not sure. Greets, Jeffrey
  • How to request and setup certificate

    Hi friends, I am struggling with certificates on my XG firewall. I want to request a certificate with Lets Encrypt, and install it on my XG firewall. But I just don't understand hoe it works in total. I'm not to familier with certificates, but I know…
  • I don't receive emails when smtp smtps scan is activated

    Hello everyone I have a problem with my Sophos XG210. I have a Exchange 2010 Server, before we had a self-signed certificate. We activated the email protection (because of spam), it worked perfectly. Yesterday we have changed the certificate to…
  • cannot use uploaded WC certificate for admin access

    hello, i have an XG 16.5 MR4 and we bought a commercial wildcard certificate for the entire company domain and i can't select it for use. first i uploaded the cert, it processes OK(the only thing is that the authority column marks a fail with "expected…
  • HTTPS decryption with own CA

    Hi gents, is there a way to reencrypt HTTPS traffic with own CA? I have imported both public and private keys to XG, but I am not able to choose which one to use. This is really needed feature, like it works in UTM. Thank you so much! Jakub