Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • WAF File Size limit

    Hi Sophos, The WAF file size limitation of 1MB has been around for at least 2 years, please check community post "413 Request entity too large". Can Sophos please make it so we can manage it through the GUI and make the change permanent. At present…
  • XG 330 V18.5 WAF - how to disallow only TLS 1.3 or higher

    Hi, XG 330 V18.5: Is there a way to disable TLS 1.1 for a dedicated WAF rule? Thanks for hints Gernot
  • waf for cloud server

    Dear Friends I am running Vps server in GoDaddy ,can i configure WAF for Vps server
  • Web Server Protection

    Hello Everyone , please need any resources or documentations about web server protection (WAF) Sophos XG v18. thanks in advance ........
  • Sophos XG 18.0.3 Active sync email problem

    I'm having an issue since upgrading to v18.0.3 in that iOS users are unable to send emails with attachments. I have a case open with support (03814579) for over a month but I'm not getting anywhere with them. I'm lead to understand this is related to…
  • XG v18 mr5 WAF rule missing???

    I just tried to setup a Web Server again on XG v18 MR 5, when I used WAF a while ago on older rls's you used to add a firewall rule for WAF. But I can't seem to find how to add a WAF rule now as its either add a NAT rule or a standard Firewall rule, there…
  • How can i make rule with One Web server with 5 diferents paths on XG Firewall V18

    Example: 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*, 192.168.100.29:8011/.../*.
  • WAF Active Sync upload Problems after Upgrade to v18

    Hello, after finally updating our XG cluster to v18.0.4, we are currently having problems sending emails with attachments bigger 1MB. I opened a ticket and although I mentioned (NC-62805) Sophos has not responded for over two days. @LuCar Toni…
  • Sophos WAF understand

    Good morning all . I have a behavior that I cannot understand with the WAF function or maybe I did not understand how the WAF works. On my XG I opened ports 443 and 80 to a web server. Until then, no problem. Following a change in the firewall rule…
  • SFOS 18 MR-5 and SSL VPN

    Our office recently installed new Sophos hardware - moving from an old SG UTM to a new XG310. I'm still trying to get my head wrapped around the XG interface, which as you probably know, is vastly different from the old SG UTM interface. So please forgive…
  • Skip Filter Rule - Que son los esos ID que se excluyen en una WAF

    Hola, Alguien que me pueda aclarar la duda sobre los ID que se colocan en skip fiter rules dentro del WAF, ya que he ingresado el código 949110 para que mi servidor web pueda ser publicado, pero quisiera saber si ese código pueda tener una vulnerabilidad…
  • Countryblock Rule does not match

    Hello, I created a Countryblock Rule as described here ( https://docs.sophos.com/nsg/sophos-firewall/18.0/Help/en-us/webhelp/onlinehelp/nsg/sfos/tasks/CreateFirewallSecurityRule.html ) but this rule does not match. My published Webserver must…
  • WAF causing IIS HTTP-500 errors, but no logs

    Hi Working to secure a Web Application with the WAF. We have done a few other applications with success, but this one is new. We are running into an issue that whenever any of the Common Threats are enabled, the IIS server just errors with 500 - Internal…
  • Disable WAF HTTP trace & track

    Hi, I need to disable the HTTP TRACE & TRACK methods on the WAF on XG18 MR5 I have tried the KBs below and they do not apply, I guess they are too old https://support.sophos.com/support/s/article/KB-000038557?language=en_US https://support.sophos…
  • WAF throughput on Sophos XG

    Hello guys, I´m looking for a new Sophos XG appliance to use as WAF/Web server protection and I´m wondering what the correct value for WAF throughput is as it is no listed explicitly in the datasheets. Is it the same as firewall throughput? Thank…
  • Internal servers accessible via subdomain.domain.org from outside LAN, but not inside.

    Hi all. I'm running Sophos XG v18 and have been building things out a bit for my home setup, but just recently I hit a snag that I'm having a lot of difficulty figuring out. I've read a lot of guides that suggest this is a common thing and pretty approachable…
  • WAF with Exchange 2019: ActiveSync does not work

    Hi, I am using XG 18.0.4 -MR4 and Exchange 2019. From the past I have some experience with SG, but I am new to XG. Trying to set up WAF to protect my Exchange, I followed this guide: https://www.frankysweb.de/sophos-xg-18-webserver-protection-und…
  • WAF in XG: Best practice with multiple IPs

    Hi, coming from SG, I am trying to find the best way to publish applications in XG. So far, I have always preferred to publish my ssl-VPN and user portal using the standard port 443. Reason being that this port is most likely to be open in any internet…
  • webserver with 2 gateway

    gateway A - wan A: 111.1.1.1 / lan: 192.168.1.1 gateway B - wan B: 111.1.1.2 / lan: 192.168.1.2 webserver - lan: 192.168.1.3 / gateway: 111.1.1.1 webserver has only 1 lan port. how can i enable web request from wan B (gateway B) to webserver?
  • Restrict by IP address. - but only for one URL?

    Good morning all, I have a single windows DMZ box set up which is hosting a number of different websites, apis etc. I have one site on that box that I want to restrict by external IP address. I know in the firewall rules you can restrict by port…
  • Where are Business Application Rules?

    Hi, I'm trying to create a "Business Application Rule" but this option is not available as described in several articles. (Example: https://support.sophos.com/support/s/article/KB-000035667?language=en_US ) The only rule type I have available is…
  • Advanced Shell Permission

    Hello everybody, how can I work with Sophos Advanced Shell on Sophos XG. I always get Read Only Permission messages. Thanks in advance
  • WAF rule works while disabled - strange behaviour

    Hi Guys, I'm using XG with the newest firmware (18.0.4-MR4) and I have a onlyoffice workspace test installation behind it. When I open onlyoffice via private IP or FQDN, it automatically redirects from http to https. So I think it's working as it should…
  • Sophos XG WAF & RDS 2019

    Hi, I configure waf profile for RDS 2019. For configure that, i follow this KB https://support.sophos.com/support/s/article/KB-000036644?language=en_US There is no problem for open the web portal but when users open rdp file, unable to authenticate…
  • WAF & SSL Certificates

    Hello, We have a web server at the back of the Sophos firewall. We recently added a SSL certificate from Godadddy for the domain pointed to the server. The certificate seems to be installed properly in the firewal, however when we are trying to access…