Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Source Countries are not reported, displaying "Reserved" only

    Hi. I'm using the most recent version of Sophos XG Firewall in a virtual Proxmox environment. I'm using it as my internet gateway / router. Therefore I have NAT enabled using the default firewall rule with a linked SNAT rule (MASQ). I enabled DPI…
  • How to see IP address based usage report in XG firewall

    Hello Guys, We are using Sophos XG-220 firewall since long. We have a Active-Passive configuration. For Internet usage, we have created multiple VLANs and All VLANs have multiple users. All users going through captive portal and login it's user name…
  • Help with "Invalid Traffic" in logs

    Hi, We have an XG 135 running SFOS 18.5.3 MR-3-Build408. There are two gateways, a primary and backup. One of our users is encountering an intermittent timeout on a specific website when performing a specific action. I have been checking our firewall…
  • Check logs for outbound SMTP traffic

    Hello, We have an old linux server we use to send emails with. It was set up by an employee who is no longer with the company, and no one has the login. We think we have moved all of our services off this server, so we think it is no longer being used…
  • Sophos XG firewall to elk configuration to dashboards.

    Hi I would like some guidance on how to configure elk to populate dashboards once SophosXG firewall is sending logs to my server and I confirmed this using tcpdump command?
  • disk usage - Sophos XG210

    Olá, Estou recebendo com grande frequência, alertas de utilização de disco ultrapassando os 80% em meu firewall e sempre que ocorre, realizo um purge manual dos logs. Acontece que a utilização do disco, por report está muito elevada, muito acima…
  • firewall logs - dest urls not ip address

    hi all, got an xgs firewall but when i go to "log viewer" from the home page to see live logs, all i can see is "src ip" to "dst ip" is there a way to see the "src ip" to "dst url" if i cant do it via the gui, is there a way to do it via terminal…
  • XG 18.0.6 Logging of NAT Rules and DNS activity

    Running XG 18.0.6 on my own hardware. Short version: How do you log activity of: a) DNAT rule which diverts DNS to the Sophos LAN Port b) The DNS service itself I can do some packet capture, but the logging tool seems to ignore a DNAT rule terminating…
  • Admin Logs for XG330

    Hello everyone. I have a question about the Admin Logs for XG330. Our Admin Logs in the GUI shows only the logs of the current day. I need to check yesterday's log, but it won't appear. First question: is this normal? I don't check this log frequently…
  • Can't find firewall logs in AllXGLogs CLI dump

    I've done a CLI dump of all the logs but I can't find anything that logs firewall rule hits (like the firewall section of the GUI logs). What am I missing?!
  • Reports not showing up

    Hi, We have 2 virtual Sophos Firewall in active-passive cluster up and running. When installing, I deployed OVF and before turning on VM and first boot configuration ( I mean creating report and config and signature partition ), I resized VM secondary…
  • Anti Spam logs?

    I am trying to find any log information as a result of "The Sophos Anti Spam Engine has blocked this Email because the sender IP Address is blacklisted" pop-over message that I see in the GUI when I hover over a REJECTED status in the mail logs. I tried…
  • Data transfer report inaccuracy

    Hi, I cannot retrieve accurate reports from on-box reporting. Data transfer report for specific user shows that user downloaded more than 9 GB today but application report shows 1.8 GB usage and web report shows 4 MB. I've checked all other reports…
  • View logs in Central Firewall Reporting

    Hello. Sophos Firewall 18.5.1. I recently changed every log type to log to "Central Reporting". The entire "Local reporting" column is empty. Before doing this I used to be able to go to the Sophos Firewall and click Log Viewer at the top right and…
  • log live view: search for IP beginning with e.g. 10. including the dot . not 100.

    Hi, is it somehow possible to get the live viewer filter correctly including the first dot? This is still not working. Any workaround? Already asked this unanswered in 2020: https://community.sophos.com/sophos-xg-firewall/f/discussions/123796/live…
  • SSL VPN more detailed reports

    Hello, i need some more detailed VPN reports for our management and so far i cant find any way to do this. Best report so far i found via Sophos Central but its not exactly what i need. On firewall Reports / VPN / SSL VPN is basicly useless for me.…
  • Wrong Categories in reports

    Hello, i have an XG 230 running on SFOS 17.5.15 MR-15, but it keep show me a wrong category reports. For example it list the LDAP traffic as P2P app category and "P2P Client Torrent" for application.
  • Sophos XG Reports : Show the used port

    Hello, The Reports Dashoboards show me lot of P2P and X-VPN between SSL VPN Clients and local servers, thing that i found it weird When i tried to find the port used between the user and server, it show me only the category. This is an example.…
  • No Record Found on Web Report

    Hey guys. I went to look for web browsing logs and no record was found. It has marked in my firewall rules as well as the web filter to do logging. I do the policy test and see that it matches the correct firewall and web rule for browsing. Notice…
  • Reporting

    Hi everyone i'm asking about the difference between web authentication and client authentication regarding reports because my senior says it's necessary to use client authentication to get a clear report for users while i see that both are the same…
  • Web Protection - Report User-Agents

    Hej, Is there a way to create a report in Web Protection that shows all the user agents of the network devices on the network? I would like to make an evaluation of all systems of the last month. Thanks a lot.
  • High availablity TCP port 2600

    We have 2x XGS2100 (SFOS 18.5.2 MR-2-Build380) in High availablity in (Active-Passive) They have a Dedicated HA link Dedicated peer HA link IPv4 address 192.168.10.2 Dedicated peer HA link IPv4 address 192.168.10.1 When I look in Log viewer…
  • My reports on dashboard disappear

    Please how can i get them back.
  • Security audit report - "No record found"

    Hello, About three months ago, I scheduled two security audit reports to be emailed to me. They have been fine up until about a month ago. I'm not sure what happened, but the reports now have no results. All the sections are now blank / empty with …
  • Missing option for interface up/down email notifications

    Hi, I've got two isp's and a site to site RB Tunnel to our branch office. I've configured two vpn tunnels and routing rules with differed metrics, failover if the primary tunnel fails works but we get no notification of this. The xfm interface is…