  • Local admin services available on WAN port despite ACL not reflecting that

    So I'm a bit confused and could use some help. After running NMAP on my public IP for a sanity check I was greeted with ports showing open that shouldn't be available to the WAN port. I don't have any services checked on my local service ACL for WAN Starting…
  • Allow Port in Sophos Firewall

    Hi Everyone, I am new to Sophos firewall and I don't know much about this. Can anyone tell me how to allow the following port in Sophos XG135 (C1B0Cxxxxxxxxxx) CLOUC uses the following Ports HTTP, HTTPS and 9443 for the web console 5060 and 5061 TCP…
  • Error querying FQDN host in XGS firewall. There are multiple IPs for FQDN hosts in the internal network, and the firewall can only find one

    I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…
  • DNS over TLS / HTTPS with TLS Inspection

    Hello everyone, today the first occurrences of DNS over TLS showed up in one of our customers' logs. We have TLS Inspection rolled out at the company and are asking ourselves if the TLS Inspection also inspects DNS over TLS traffic and DNS over HTTPS…
  • Sophos XGS Firewall and Sonos in different VLAN - Multicast setup

    Has someone managed to get Sonos devices to work when they are on a different VLAN than the Sonos App? Would be great to share some information. Especially about routing Multicast through the firewall. I found a great article about this matter in…
  • Unable to add new service XG310 running 19.5.2 MR-2

    When going under Hosts and Services, and then under the Services tab, if I try to add a new service regardless of the name the save button does nothing. For example trying to add a service for ManageEngine Endpoint Central which requires TCP ports…
  • L3 VLANS not routing past gateway.

    Hope someone can help figure out what I am missing. I am pretty sure the issue is on the Sophos XG. I am setting up several VLANs on my Cisco 9500 L3 switch and the issue I am having is I cannot get past the gateway when trying to access another VLAN…
  • XGS - DHCP String option 128 Vlan Polycom

    We were doing DHCP via Windows Server but decided to use Sophos XGS. DHCP to assign VLAN to Polycom phones via OPTION 128 String VLAN-A=20; - NOTE the ; (semicolon) MUST be at the end of the string for it to work with Polycom. XGS will not allow me…
  • Checking external connections via Heartbeat

    Hello, we are currently considering additionally checking external connections in the firewall with Heartbeat and blocking client access without Heartbeat. We have found that this leads to unstable connections. Is this…
  • IP phones are not connecting

    Hi, IP Phones are connected to the firewall on WiFi VLAN, then redirected to the router via SIP trunk. SNAT is enabled to establish the VoIP service. My problem is, in the firewall rule, if we choose source devices using IP host group, it only connects…
  • load balancing feature is not working and my users are Nat from the same ISP whenever they connected

    Dear Sir I have configured two ISP on two different ports of firewall providing the internet facility through Sophos Firewall. I am using the firewall load balancing features by assigning the weightage of 2:1 to both the ISP's. But load balancing feature…
  • Bind users to a fixed MAC address

    Hi, I would like to restrict the smartphones' internet access to one hour per day for some employees. For this there is basically the option of creating users and configuring the desired restrictions in them. Since…
  • MS Teams meeting drop 2-3 s : Protocol switch from TLS to SSL

    Hi All XG330 (SFOS 19.5.2 MR-2-Build624) I have the problem of connectivity lost, in MS Teams while meeting as picture below. According to analyse packet between incoming and outgoing when we use MS Team, I found that in the time of connectivity…
  • Unable to access VLAN networks from data networks

    I have 3 VLANS, 1 for CCTV, 1 for wifi controller, and the other for IP phones. data network - port 1 192.168.0.0/24 port1.12 - 192.168.2.0/24 - wifi. (VLAN) port1.13 - 192.168.1.0/24 - CCTV (VLAN) We want to manage the CCTV and the access…
  • Internet slow on XG firewall

    Hi, Got a client that has got a XG125 firewall. Users are complaining about internet speed. Internet line has been upgraded from 10/2 to 20/10 but there has not been a change in the speed. Changed the weight of the line from 1 to 50 but this…
  • Multiple WAN/LAN bridges on XGS 126

    Dear community members! We are planning to insert an XGS firewall into our existing network infrastructure with multiple WANs. This is the current setup: Three WAN routers from different ISPs with fixed public IPs are connected to a multi-WAN router…
  • cannot access yahoo web mail sites

    Hi all, I have a Sophos xg87 and a strange problem with accessing yahoo webmail sites from any computer on the lan. the site just does not open but also no error message appears and I can find nothing in the log files. It does not matter whether I…
  • Vlan routing issues -XG is virtual

    Hello I am trying my head around strange VLAN issues when XG is virtualized. The setup is as follows - ESXi has VLANS created. XG has two ports - Lan and Wan. Lan is on 4095, Wan is on different switch. XG Lan has multiple VLANS created (reflecting…
  • Sophos XG when switch connected to LAN interface no Internet

    I had the same problem with my SG-125 with XG Home and NetGear GS305E and I've googled it but found nothing useful, so I had to figure it out myself. After wasting around 30m troubleshooting and testing I found the reason, which was extremely unexpected…
  • TCP SYN / retransmission

    On Sophos XG 19.01 MR1 Virtual appliance, I have for several minutes that any new TCP session outbound to the web is not connecting. While inspecting a tcpdump file, I see that existing TCP sessions work normally, just any new TCP SYN is not getting…
  • Firewall FQDN Subdomain learning different cache TTL issues with Windows DNS Server

    Hi, this issue is listed as resolved for 19.0.2 NC-111476 FQDN Subdomain learning isn't working in case of non-SFOS DNS server set for client. We're on 19.5.2 We have a server that downloads files once per day from a FQDN like files.downloadserver…
  • RED to RED connection

    Hi, I have a problem with our Sophos XGS configuration. Initial situation: - Sophos XGS | SFOS 19.0.1 MR-1-Build365 - P1-PRODUKTIV - 172.20.0.1/16 network (zone LAN) The VoIP PBX is located in this 172.20.0.1 network…
  • Odd Behavior with System Generated Traffic over IPSEC

    Hi, Encountering a weird error when trying to attempt using a server for DNS forwarding. We have a few branch offices - each connecting to DC via IPSEC (Connection Type: Site-to-Site / IKEv2) - with the DNS Forwarding Host in the DC. Now here's…
  • Can't connect to FTP

    Hello, I am not able to connect with a local FTP script to a server. This script works at another location but not here. Sophos XG latest version SFOS 19.5.2 MR-2-Build624 Here is the log: messageid="01001" log_type="Firewall" log_component="Invalid Traffic…
  • PIM-SM and IGMP on interface at the same time

    Hello, Can I have PIM-SM and IGMP on an interface at the same time? I have a problem with IGMP on interface with active PIM-SM neighbour (pim-sm router). In the presence of a PIM-SM neighbour, IGMP is inoperable for another destination. Is this behavior…