Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • WAF Rule

    Dear Everyone, I have a problem with WAF Rule , Do WAF Rule working with or without DNAT Rule . and when Disable DNAT Rule the access to published URL is very slowly and the page load incorrect . Can anyone help me ? Thanks in advance
  • SOPHOS BACKUP GATEWAY

    HI All I configure Sophos XG firewall secondary gateway and I enable failover when the active fails to take over however I couldn't access the sites I publish from outside my network. what I should do in order to work? Thanks
  • WAF domains will not be covered?

    Perhaps I am missing something simple here, but after setting up WAF for an internal HTTPS server, I am getting the following message when I try to save the rule: Following domain(s) will not be covered by selected HTTPS certificate "remote.domainname…
  • Sophos XG WAF Exchange 201x, Problem with attachment size greater 1 MB

    Hello, when will this finally be solved? I already have 2 customers who have this problem. And it is always a chore to explain to the support what they have to do. I'm slowly cursing the day I switched to V18. regards BCS
  • DNS dos not resolved

    we hosted the server on IIS in the internal network and I assigned a domain name like app.example.com but the problem is while trying to access from outside the network using domain name(app.example.com) the website has not loading but while trying…
  • WAF Certificate Changes

    Has Someone a Idea to change the Certificates on Multiple WAF Rules i have an Single Certificate with Multiple Domains (SAN) however now the Certificate is Expired and i need to change it, but every time i go onto a WAF rule the Domain List is empty…
  • OWA gets blocked from dedicated Mobile Phone Provider

    Hi all, having Sophos XG with 18.5 SFOS and OWA implemented. It happens actually that ALL mobile phones from dedicated mobile phone provider (in this case "Deutsche Telekom") gets blocked with error in WAF logfile: "Bad repution SXL category IPCAT_BOTS…
  • WAF Access permission issues V18

    I have Web app server and i use the waf business rule in order to protect my web app and i specify one specific public IP address in Allowed client networks in the Access permission tab but after i enable this policy all the public IPv4 hit and pass…
  • Webserver Protection does not accept licence

    Hello Community, I've a new firewall installed with a Webserver Protection license enabled. The Sophos License Portal and the Firewall itself shows the license is activated and synced. If I create a WAF Rule I see the message This feature requires…
  • XG Path Specific Routing with wildcard/path parameter

    Is it possible to use a wildcard and/or path parameter when adding path specific routing rules to a WAF rule? For example, I would like to have my default rule `/` route to one server, and something like `/my/route/*/xyz` or `/my/route/{id}…
  • Troubles with multiple virtual websites

    Hi there, Hope that someone can help me out, i am probably doing something stupid. I used to work with UTM and had no issues. Im switching to XG v18 and it seems no matter what i change, all virtual websites that i create are going to my exchange server…
  • Exclude external IP from WAF Reputation Scan

    Hey Guys, we are using WAF to publish our Exchange (OWA). One of our users LTE-Router IPs gets rejected with 'Bad Reputation'. Is it possible to exclude one IP from the bad reputation filter in the WAF? Thanks in advance.
  • WAF stops processing requests

    I have the same issue posted about here XG WAF stops working without error - Discussions - Sophos (XG) Firewall - Sophos Community . All WAF rules stop being processed seemingly random. This has been an issue since upgrading to v18.0.4. I am currently…
  • WAF - HTTP POST request method

    Hello, Supports WAF HTTP POST request method or only HTTP GET?
  • WAF File Size limit

    Hi Sophos, The WAF file size limitation of 1MB has been around for at least 2 years, please check community post "413 Request entity too large". Can Sophos please make it so we can manage it through the GUI and make the change permanent. At present…
  • XG 330 V18.5 WAF - how to disallow only TLS 1.3 or higher

    Hi, XG 330 V18.5: Is there a way to disable TLS 1.1 for a dedicated WAF rule? Thanks for hints Gernot
  • Sophos NextG Web Application Firewall for Exchange with Multi-Factor Authentication (MFA)

    Hi All, Due to EOL with Sophos UTM 9, We recently upgrade to Sophos Next Gen Firewall. We used to have a feature with Sophos UTM that allow to enabled OTP / Multi-Factor Authentication on Web Application Firewall or Web Application Proxy for second…
  • waf for cloud server

    Dear Friends I am running Vps server in GoDaddy ,can i configure WAF for Vps server
  • Web Server Protection

    Hello Everyone , please need any resources or documentations about web server protection (WAF) Sophos XG v18. thanks in advance ........
  • XG v18 mr5 WAF rule missing???

    I just tried to setup a Web Server again on XG v18 MR 5, when I used WAF a while ago on older rls's you used to add a firewall rule for WAF. But I can't seem to find how to add a WAF rule now as its either add a NAT rule or a standard Firewall rule, there…
  • Sophos XG 18.0.3 Active sync email problem

    I'm having an issue since upgrading to v18.0.3 in that iOS users are unable to send emails with attachments. I have a case open with support (03814579) for over a month but I'm not getting anywhere with them. I'm lead to understand this is related to…
  • How can i make rule with One Web server with 5 diferents paths on XG Firewall V18

    Example: 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*.
  • WAF Active Sync upload Problems after Upgrade to v18

    Hello, after finally updating our XG cluster to v18.0.4, we are currently having problems sending emails with attachments bigger 1MB. I opened a ticket and although I mentioned (NC-62805) Sophos has not responded for over two days. @LuCar Toni…
  • Sophos WAF understand

    Good morning all . I have a behavior that I cannot understand with the WAF function or maybe I did not understand how the WAF works. On my XG I opened ports 443 and 80 to a web server. Until then, no problem. Following a change in the firewall rule…
  • Skip Filter Rule - Que son los esos ID que se excluyen en una WAF

    Hola, Alguien que me pueda aclarar la duda sobre los ID que se colocan en skip fiter rules dentro del WAF, ya que he ingresado el código 949110 para que mi servidor web pueda ser publicado, pero quisiera saber si ese código pueda tener una vulnerabilidad…