Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • SD-RED network can't reach XG Network

    Hello everyone, I have a problem with a sd-red 60 in transparent split mode, the scenario is: - Tunnel is up and hosts behind red can surf. - From XG I can ping the hosts behind the red and reach remote desktops and everything, but from Red I can…
  • Help! NAT that works on UTM9 not working on SF/XG.

    Hi, hoping someone can help. Apologies for the long post. *** This looks like a repost from another user but for some reason when I logged in to the community recently it set up a new account for me. I am the OP of this thread** ALSO, Although in…
  • Unable to update PS5 games - "Invalid traffic" - conntrack

    I have a problem with our PS5. We are unable to download updates to software. Initially this was failing when it was connected via WiFi using Sophos hotspots. I connected it via a wire and it worked, for about a day. I am pretty sure that my issue is…
  • XG115 Firewall and 1to1 NAT

    Hi There, I’m new in the Sophos world and I have some trouble configuring 1to1 NAT. My case: XG115 Firewall (XG115 (SFOS 19.0.1 MR-1-Build365), 1 Server in the LAN (no DMZ), 1 public address for this Server. I want to access my Server from Internet…
  • Sophos Firewall and SQL Server Management to Azure SQL

    Hi, I have Sophos Firewall v19 and a internally computer that needs to connect to Azure SQL using SQL Server Management tool. If I create a rule that allows the computer outbound on destination ANY service, it connects, great. I want to lock it…
  • Configure two WAN for WIFI zone

    Added second WAN zone network port5 ipv4 192.168.101.2/27 gateway ip 192.168.101.1 SSID new network DHCP Firewall Rule WAN link manager information able to connect Tablet to Wifi and i get DCHP release result block firewall…
  • I can't access internal/external ports

    I have a XGS Firewall in bridge mode behind a Uniif Dream Machine. Sadly the port forwarding rules don't work and i wanted to ask if someone maybe knows why. The XGS is in the 192.168.55.x LAN and the Unifi (my main LAN with all devices) is in the 192…
  • Site 2 Site VPN open but but hosts not reachable

    Hi there I configured a site to site VPN on a XG 115 On the other side we have a Zyxel Firewall, The VPN seems to work, VPN green and connection green. But hosts are not reachable on the remote side. I think it is a Firewall rule missing on the…
  • Sophos Firewall: How to troubleshoot dropped packets

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Log Viewer Firewall (Invalid…
  • XG 85 and 105 not resolving specific hostname

    Greetings guys, Hope you all doing well, I'm running Sophos XG 85 and 105 at: XG105 (SFOS 17.5.17 MR-17-Build837) XG85 (SFOS 17.5.17 MR-17-Build837) I have multiple network environments where I use Sophos Firewalls XG 85 and 105. When I try…
  • Configure firewall rules for users object

    Hi every body/ I'm no familiar with XG so much (I have UTM). Is it possible to configure rules in firewall in XG to use "user" or "user group"? The XG gets the user list thru active director. My goal is to create a firewall rule based on users group…
  • 2 wan connections unable to access static ip's on one from main lan but can from outside

    I have 2 wan connections 1 FTTP with 1 static ip and 1 FTTC with 6 static ip's, i have set up some nat rules for the main connection (FTTP) and they are accessable from inside the lan, i have also tried to setup some nat rules for 2 of the 6 ip's on FTTC…
  • Default SSL/TLS inspection rule missing

    Hi there, I recently configured a new XGS3100 active/passive cluster with SFOS 19.5. Everything seemed to be fine, but as I wanted to configure the SSL/TLS inspection (I normally do this as one of the final steps) I realized, that there is missing something…
  • No acess with only ping and smb - vpn ipsec site ti site

    Hi all , Today i have weired problem ! I have vpn ipsec connection between HQ and BO There are few protocols allowed between the two LANS, but all access are initiated from HQ like RDP, Ping or access th share folder (SMB) So everything working…
  • Drop rule shows Accepted traffic in firewall AND proxy.

    Referencing this: https://community.sophos.com/sophos-xg-firewall/f/discussions/125695/bug-drop-rule-reporting-allowed-connection-in-logs And this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs…
  • XG Firewall Apple TV+ Connection Issues

    Ok, so I decided to give Apple TV+ a try. I am aware of how finicky Apple products can be, but decided to give it a whirl anyway. Perhaps I'm beating a dead horse on this. The first issue was the XG blocking QUIC, once I allowed QUIC, streaming seemed…
  • Local ACL Violation

    Hello, I'm running web server on port 443 in DMZ zone with another service running on port 7xxx. I can browse web page because of waf rule, but I can not connect to service on port 7xxx from WAN, Packet capture show ACL Violation Show…
  • DNS in an emergency rule setup

    Good day everyone! I am currently implementing an emergency firewall ruleset, which looks like this: - Allow all communications towards sophos central (for Live Response etc. to work) - Allow all communications coming from the physical Management…
  • Sophos Firewall: How to block advertisement on web via web filtering

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Create a Web Policy Firewall…
  • I am not able to edit a new firewall rule

    I have added a new firewall rule, but now I can't edit it. Please see the attached image, it appears to be blocked, I can't even select it.
  • How to block randomly login attempts in our Server.

    How to block randomly login attempts in our Server.
  • How to create a rule for FTP

    I have internal server. I need to access from external network with FTP
  • Failure to access intranet sites

    Hi All, I have a challenge accessing intranet sites Intranet sites have to be added to browser proxy server exceptions else they are flagged as not available ......................................................................................…
  • Sophos Central Firewall Rules

    I can't find any exact documentation on this. The first time I created a group with my first firewall, it the group seemed to adopt that firewall's ruleset and DNS setup without any prompt - it just did it. So, I've tried this again with a new group,…
  • Set up IMAP/POP EMail Scans

    Hello, I am trying to set up IMAPs/POPs/SMTPs Settings in an XGS running SFOS 19.0.1 In general there is an external Mail Server and in the local network behind the XGS there are Outlook Clients that connect to the Mailserver via IMAP 993 and SMTP…