System Configuration: 2x XG125s in an HA Pair running SFOS 17.5.15 MR-15. We have two ISP connections feeding separate unmanaged switches which feed Two WAN ports on both units. (ISP->UNMANAGED SWITCH->WAN Port). This enables failover for ISP Failure…

[EDIT] I misunderstood how DNS queries to addresses like 8.8.8.8 are routed. They do go through the VPN tunnel. My question -- which I can't seem to delete, so I am rewriting -- had to do with wanting to make the XGS be my DNS server, through an SSL…

Hi All, I'm currently testing migrating from the SSL VPN client to using The Connect Client with ipsec. I've set everything up and can connect without issue. I'm also able to resolve devices within the lan, ping them, access resources but no matter…

Hello all, I have 2 locations (HO & BO) each behind their own XG Firewall. I have created a Site to Site VPN and everything works via IP but not by DNS. The Setup is as follows: All servers are hosted in the HO. There are no servers in the BO. S…

hi. i have XG210 (SFOS 17.5.14 MR-14-1). it is also acting as DHCP server and giving ip to clients.in DHCP i configured DNS server of my local server i.e, domain controller. today i start having issue the i m not able to access the server placed in my…

Hi, I have two WANs connected on my Sophos XG SFOS 18.5.1. The DNS is configured with " Obtain DNS from PPPoE". My Problem now is, that my PhoneSystem is using DNS from the Sophos. But it may only use the DNS from WAN2 and not from WAN1. How…

Hi, i configured some clients in the network to start using the XG as dns server on saturday mid-day. After this you can see the memory usage ramping up, is possible that there is a memory leak? Fw is on SFVH (SFOS 18.5.1 MR-1-Build326)

We have a public wildcard DNS record configured (*.domain.com) so if someone puts in asdf.domain.com, it will still go to our main website www.domain.com. On the Sophos firewall, I have set up many DNS host entries in Network --> DNS, with the idea…

HI, Since myfirewall.co stops working, I would appreciate if you can add the ability to add a custom option. If you cannot add that option, I would appreciate if you can add the entry for my provider joker.com/.../what-is-dynamic-dns-dyndns.html Th…

Hello, We just set up IPsec client VPN. The DHCP pool is 10.81.234.5-10.81.234.55. "Use as default gateway" is unchecked. Originally, we had 8.8.8.8 in the DNS Server 1 field. Secondary DNS field left blank. When we'd connect to the VPN, internet…

I am running the latest XG release and am finding that sometimes DNS resolution is stopping. The Firewall is responsible for DNS requests. The problem tends to go away on its own by just waiting or I can force it by restarting the DNS service. Any suggestions…

I found a few similar questions from different people over the years as to why their XG makes constant DNS lookups to huge amounts of domains with none of the posts having a useful answer. Unfortunately all those threads were locked due to age so I've…

Hello, I have a XG with two interfaces in WAN zone (because I need a gateway for both) in a data center housing scenario. Let's call the interfaces WAN-int and WAN-ext. WAN-ext has a public IP-address and WAN-int has a private IP-address. …

hi all, on the sophos xgs firewall on the diagnostics i can ping 8.8.8.8 but i cant ping google.co.uk under "network > dns" i have added a few dns ips in there but when i go back to diagnostics ping, i type in google.co.uk, ipv4, select my wan interface…

Hello community, Recently i was asked to migrate an existint configuration from a router to XG firewall and here is the scenario : an application running in my local server with the name : transmission.local.co IP@ is 192.168.62.11 DNS serve r…

Hi, Can DNS Spoofing be detected.

I recently added Pi-hole as the DNS server for Sophos XG itself, and I’ve noticed in my Pi-hole logs that Sophos XG is making a significant amount of DNS queries to various google.x addresses, such as google.de, google.com.pr, google.to, google.com.af…

Hello all, I am currently trying to configure Sophos xg to replace my Fritzbox. From problems with certificates, I have become aware that my DNS resolution for internal hosts and the xg itself is not working. Currently I have only a test client, which…

Wr have a brand new XG86w that we are connecting to Comcast. The comcast modem is in basic bridge mode. The problem is that about every 10 minutes DNS fails. We cannot ping anything from the firewall. I have tried comcast default DNS, Google DNS and OpenDNS…

I'm looking to use the built-in DHCP and DNS server on the Sophos XG on my "Main VLAN" but I don't want other VLANs to be able to do any nslookups for the host entrys. Today VLAN1 has it's own DHCP and DNS server and the other VLANs uses the Sophos…

we hosted the server on IIS in the internal network and I assigned a domain name like app.example.com but the problem is while trying to access from outside the network using domain name(app.example.com) the website has not loading but while trying…

Running XG 18.0 MR5-Build586 on a pair of SG230's in HA (Active-Passive). We use the XG as a local cache and DNS relay, since we rely on AD DNS hosted in our AWS Virtual Private Cloud. We have DNS request routing setup so that only internal domains are…

As a quick background, I have been working with firewalls for about 15 years (Cisco PIX, Cisco ASA, and recently SonicWall TZ and NSa). I have been working on and off with Sophos XGs for about 2 years now so I am familiar with them but they are definitely…

I am using XG210 (SFOS 18.0.5 MR-5-Build586) and Sophos Connect 2.1.20. SSL VPN and IPSEC VPN for Remote Access is configured as "use as default gateway" forcing all remote traffic through the XG. Remote users are able to access LAN resources, that…

Sophos XG106 (SFOS 18.0.5 MR-5-Build586) I have set up several own DNS servers and added them to XG DNS settings. XG DHCP service provides those DNS servers to our clients. Clients are separated in different zones, all with their own WAN rule and…