Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Certificate could not be updated as it is already used by HTTP Based Policy

    One of my certificates expired that's in use in several places. When I go to edit the certificate and upload the new, it fails with the following error at the top center of the screen: Certificate could not be updated as it is already used by HTTP…
  • #7779325 - SSL Certificates for User Portal

    Hi All, Hope all of you are doing well. I am just trying to secure my user portal by assigning a url and applying a SSL Wildcard Certificate on the Sophos XG 330. I was able to convert the PFX and private key that the RAPID SSL gave me and applied…
  • How to import SSL CA into Outlook?

    Hi community, Recently a client migrated their mail services into gmail cloud servers, but now some of the workstations that are using Outlook are facing certificate errors. Anyone know how to import the appliance certificates into outlook or what…
  • Set-up issues

    I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days. I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115. I had configured UTM9 on my own…
  • TLS Certificate in MTA Mode

    Hi all, Does anyone have a decent walk-through explaining how to get a server cert onto an XG? I'm in MTA mode but using the appliance CA. I have a GoDaddy cert for my 2016 exchange server and I'm assuming that can be imported somehow, maybe. I see…
  • Certificate error on sharepoint

    I received sophos certificate error when try to save a file on sharepoint. screen shot is attached. please someone help me out. Thanks
  • Sophos XG home Web GUI access - SSL/certificate issues under OS X 10.13

    Dear All I recently upgraded my MacBooks to OS X 10.13. Since I do not connect to my XG every day (or even week), I am not absolutely sure, if the issues at hand are related to OS X 10.13. Safari now reports: This connection is not private The Sophos_CA_…
  • 8094/tcp open on WAN port reveals SF-OS

    Hi there, Just been nmap'in the WAN port of an XG, with pretty much the default configuration and no DNAT/SNAT or any services in the protected zone opened at all. The scan reveals the port 8094/tcp and further reveals that the service SSL certificate…
  • Privacy Error - Chrome v60

    I was not getting these issues until Chrome updated to version 60. It seems that it now requires a S.A.N. to be set. Will this be addressed in the next firmware update? Is there anything I can do to stop getting these warnings? In trying to sort…
  • Certificate Startcom

    Hi, I created a free StartSSL certificate and I succesfully uploaded it in the Sophos XG. I did the same for the CA, but still my certificate is untrusted by my XG. I think I got the wrong CA but im not sure. Greets, Jeffrey
  • XG MTA Exchange SSL Cert

    I'm running my XG in MTA mode. Is it necessary to transfer or re-key my standard UCC SSL cert (GoDaddy) for my exchange server and install on the XG?
  • How to request and setup certificate

    Hi friends, I am struggling with certificates on my XG firewall. I want to request a certificate with Lets Encrypt, and install it on my XG firewall. But I just don't understand hoe it works in total. I'm not to familier with certificates, but I know…
  • I don't receive emails when smtp smtps scan is activated

    Hello everyone I have a problem with my Sophos XG210. I have a Exchange 2010 Server, before we had a self-signed certificate. We activated the email protection (because of spam), it worked perfectly. Yesterday we have changed the certificate to…
  • cannot use uploaded WC certificate for admin access

    hello, i have an XG 16.5 MR4 and we bought a commercial wildcard certificate for the entire company domain and i can't select it for use. first i uploaded the cert, it processes OK(the only thing is that the authority column marks a fail with "expected…
  • Cyberoam SMTPS Scanning Certificate

    I am having a problem configuring the SMTPS scanning certificate for my appliance. It seems as though the feature is not properly implemented! Let me explain: Currently, I have a virtual host firewall rule permitting traffic from the WAN zone (public…
  • HTTPS decryption with own CA

    Hi gents, is there a way to reencrypt HTTPS traffic with own CA? I have imported both public and private keys to XG, but I am not able to choose which one to use. This is really needed feature, like it works in UTM. Thank you so much! Jakub
  • XG Firewall Default CA

    I am having issues which consist of an inability to save SSL VPN settings (They always revert to default) and downloading the SSL client for windows. After doing some research it seems my Default CA may be the issue, and when I check the Default CA it…
  • certificat for client mail

    Hello, I come to you because I have a small problem of configuration / use of my version of sophos firewall XG home edition. I activated the scan of the incoming and outgoing emails. Since. My mail client shows me a window indicating that the certificate…
  • SSL Certificate for XG firewall

    Hi, I want to install SSL Certificate for userPotal and SSL VPN. Please advise me which SSL certificate sophos XG support( Wildcard, etc)? How can I enable it when some one browse it via public ip address. Thanks Iffi
  • [Workaround] Quarantine Digest Email IP instead of hostname

    The Quarantine Digest Email settings only let you select an IP address based on Port/Alias, instead of allowing you to specify a hostname. This causes a certificate error when clicking the "My Account" or "Release" links in the email. The admin console…
  • Possible to use a third-party certificate for HTTPS Inspection?

    Hi all, As I am getting more familiar with my new XG firewall, I am naturally wanting to do more and more things. I've started looking at the deep-packet inspection/HTTPS Decrypt and Scan functionality. I've seen the discussions on this board about…
  • Question about certificate screen

    I have a question about the certificate screen in the XG. I uploaded a certificate generated by a legitimate 3rd party issuer (Comodo). I am a little confused by why I have a red X under the "Authority" column. Does this mean there is something wrong…
  • External Certificate used for VPN SSL is migrated?

    After the migration of cyberoam to SF-OS the external certificate remains imported or does it have to be reimported? If we don't use per user certificate the ssl vpn config remains the same?
  • Mozilla Firefox asking for security certificate everytime

    Hi, I am using a XG-210 UTM firewall. The issue is my Firefox browser asking for a security certificate for every new site I visit. I have already imported the appliance's device certificate to Trusted Root Certificates in windows, meanwhile i'm not…
  • SNI Support

    Is SNI supported by XG Firewall? I have multiple SSL certs for multiple domains and one IP and I would like to be able to route traffic to virtual web servers based on this host name inspection. Web servers like Apache, nginx, and IIS as well as every…