Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • .tar files for TLS exclusions for Office365 updates not available

    I need to add the TLS exclusions for allowing Office365 updates through because the Web Protection module is blocking them - I can update my Office365 apps fine without the protection as this has been tested successfully. My firewall is XGS87 running…
  • Sophos XGS2100 - Sophos als MTA mit Exchange Online

    Hallo zusammen, wir sind gerade dabei in der Firma von einer Lancom UF zu einer Sophos XGS 2100 Firewall zu wechseln. Unsere Mails liegen unter Exchange Online. Die Sophos soll als MTA dienen. Den Artikel ( Set up Microsoft Office 365 with Sophos…
  • Order of domains in WAF rules

    XGS Firewall, WAF rules has 10 listed domains. What is the sort order based on for these domains? Whenever we delete one from say position 5, add a few new ones, then add the number 5 one again (we have saved and reopened the rule multiple times)…
  • WAF rules and IIS redirects with trailing slashes

    Situation. We have a WAF rule with several test sites in the domains list. Example below. test1.testurl.com test2.testurl.com test3.testurl.com test4.testurl.com These all point to one IIS. On the IIS these are all separate sites. When we…
  • is it possible to combine SFOS WAF with the built in OTP / MFA function

    I found some old posts (>2y ago) about the XG WAF module not supporting MFA authentication for a webservice. Has this changed since? We want to use MFA before using on-prem Exchange OWA. Many internal users already have an Sophos MFA token and it…
  • Mails sent from automatic systems related as spam

    Hi Our Sophos XG acutally moves much mails to quarantine which are not spam. For me, it looks like most of them are sent by automated mailsystems (a lot of them are invoices from partners, sent automatically to our invoice-Mailbox) The big Problem…
  • Site being decrypted with TLS decryption set to OFF

    Dealing with a strange issue where the FW appears to be trying to decrypt a site even though the setting is OFF. Is there another policy that would be impacting this (or producing this sort of error)?
  • YouTube for Schools exception in Sophos Firewall

    I've been wondering for a while, is there any way to check if the XG Sophos Firewall can provide access to YouTube for Schools rather than the general YouTube content? We're implementing a QoS plan, and that includes cutting YouTube access off, but…
  • Sophos Firewall cutting off URLs for web filtering.

    Over the last couple of weeks, we've been having an issue where a website that is whitelisted properly is getting miscategorized and being blocked as category none. As you can see in the picture below, the URL that the Sophos Firewall is processing…
  • DKIM issue with ed25519 selector

    One of our customers is encountering the following DKIM issue. Emails from two suppliers are consistently being quarantined due to DKIM verification. The selectors are as follows: s=strato-dkim-0003 c=relaxed/relaxed a=ed25519-sha256 b=512 s=strato…
  • Sophos XGS, WAF für Windows RDS Server 2022 mit Rollenaufteilung

    Hallo Community, Ich prüfe aktuelle das Setting mit einer XGS ( SFOS 19.5.3 MR-3-Build652) und dem Windows 2022 RDS. Die Rollen RDS Web und Gateway laufen auf einem dedizierten Server, der RDS Session Host und RDS Lizenz Server sind ebenfalls ein jeweils…
  • Incorrect WAF SSL Certificate Served To Client

    Hi. I am facing an issue with the Web Application Firewall. I have several WAF rules configured, some using SSL and other are not. They point to a central web server. The domain name is used to differentiate each web app and that is forwarded on to…
  • Greylist synchronization

    Hello, Yesterday we have upgraded a Sophos XGs cluster to firmware 19.5.3 MR3-build652 and we noticed that one of the 2 nodes was greylisting e-mails coming from addresses that have e-mailed this organization in the past. Once we failed the nodes over…
  • DPI Engine / SSL Traffic not beeing decrypted

    Hi Team, I configured a DPI Rule, that should decyrpt SSL/TLS Traffic, but it actually doesn´t, despite Policytest says, it does. Even if AV Scanning is active, the firewall does not block access to https://secure.eicar.org/eicar.com.txt . If…
  • Sophos XG with POP3 Scan

    We use a Sophos XGS87 (SFOS 19.5.3 MR-3-Build652) and we want to use POP3 Scanning in legacy mode. In document ( https://doc.sophos.com/nsg/sophos-firewall/18.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailConfigurePOPIMAPScan…
  • Does Email Callout Cache Results?

    I was having an issue getting an email to an address and discovered the address (which is actually an alias for another account) was failing on the Callout. I found that the alias had been deleted so I remade it. I'm still getting a failure on the…
  • SASI - Does the SASI engine scan imap/s traffic?

    I asked this question some 6 months ago, the thread is locked so I can no longer update it. Today I received a number of spam messages, which the XG has marked shown by the message in the mail message, but I get the same message added to genuine messages…
  • Web Proxy Policy

    Hi, I'm using Sophos XG virtual appliance and trying to add users as exclusions for the Web Proxy - Transparent mode (Direct Mode off). If Anybody is used, policy is doing the job and blocking .exe files (as example). But i need that some users to be…
  • BLOCK ALL WEB

    Hello I need help, I can't get it. I want to block the entire internet, except the Google Map page, to a single user. I enabled STAS but I couldn't assign a rule to the user. Thank you.
  • Sophos Email Protection - Exception list unsorted sender addresses

    Why is this list unsorted? I suggest an alphabetical order. A list field implies being sorted in a way that you can easily find entries in that list or add missing ones.
  • Syncing Endpoint Web Filtering to Firewall Policies

    Hi All, With both the Firewalls and Endpoints in our organisation being managed in Sophos Central, is it possible to sync the endpoint web filtering to the configuration of the XG, i.e. block lists, allow lists, etc.? This way we're not having to…
  • Create New policy for windows and antivirus updates

    Hi, We just want to create a policy in sophos firewall to allow updates for windows and Anti virus Please Ellaborate your Response
  • Quote how blocking works

    Hey guys. Thanks in advance for your time. I would like to know how the navigation quota works. Is the limit applied globally to the user of the group regardless of the firewall rule or does it only apply to the firewall rule that the group is applied…
  • Sophos Firewall Compliance with UK Government's Keeping Children Safe In Education

    Hi Sophos / Community, Please can someone confirm that Sophos Firewall Web Fitlering is compliant with the UK Government's Keeping Children Safe In Education standards? I'm unable to provide a direct link to the UK GOV website where this inforamtion…
  • WAF and RDG 2019

    Hi all, SFOS 19.5 Just got a problem with WAF and RDG 2019, i can't log to my server and i have this error: /rpc/rpcproxy.dll WAF Anomaly Inbound Anomaly Score Exceeded (Total Score: 13) Hope i will find…