Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Cannot send Viber attachment on desktop version but successful on mobile version

    Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342. No problem in fresh setup on XGS2100 both desktop and mobile version on Viber. Thank…
  • SFOS 20 IPV6 over PPPoE

    When will ipv6 be supported over PPPoE ? When I use any other router / firewall I am able to get IPv6 over PPPoE just not via Sophos
  • Please allow rule renaming

    HELLO When we create a routing rule (or other items that do not support renaming), and feel that the name is unreasonable or needs to be changed for other reasons, we find that the name cannot be modified and can only be rebuilt or copied. This is a…
  • VoIP-Telefonanlage hinter XGS

    Hallo zusammen, ich habe hier folgendes Scenario: Vodafone Anschluss mit fester IP ( 145.253.111.21 - nicht REAL). Jetzt soll eine TK-Anlage über VoIP angebunden werden. Da 4 IPs vorhanden sind, habe ich am Port 2 der Sophos eine 2. öffentliche und…
  • LAG configuration

    Hello, So I have a weird scenario and I need second opinion. We have two firewalls Active Passive and two switched Active Active The first switch was configured to connect to the primary firewall on a port F4 and this port has vlan on it,…
  • Hilfe / Meinungen bei Zonenaufteilung XGS116

    Hallo zusammen, ich möchte für unser kleines Familienunternehmen nächste Woche die Sophos XGS116 einrichten, weil wir vor kurzem einen kleinen Sicherheitsvorfall hatten und ich gerne unser Firmennetzwerk ein bisschen ändern bzw sicherer machen möchte…
  • Two Lan Network for Two different WAN

    Hello Guys, I've tried to search, but without any luck. Basically I have a very simple configuration: LAN1 192.168.X.X --> WAN 1 Now I would like to modify the configuration, in this way: LAN1 192.168.X.X/24 --> WAN 1 LAN2 192.168.Y.Y/24 --> WAN…
  • Externet Pentest

    Hallo zusammen, Ich stehe vor einem (mir) etwas neuem Problem. Einer meiner Kunden möchte einen externen Pentest durchführen, dieser Dienstleister fragt an ob wir seine IPs für den IPS Scan whitelisten können. Mein Google-Fu hat mich soweit geleitet…
  • INTERNAL NETWORK ACCESS TO EXTERNAL IP

    Hello, we have implemented the Sophos firewall and we are facing a serious problem, no matter how much we configure the internal network IPs, it does not access the external IP, Could you help us? Grateful
  • WAN/Internet failover confusion and Starlink

    I've got our firewall (XGS2100) connected to 2 Internet connections. One is a local wireless internet provider we've been using for years (as its a very good deal) and recently a Starlink connection to replace the woeful DSL and 4G connections. I had…
  • Network Configuration Issue

    ##### Aktualna konfiguracja **Router:** - Adres IP: 192.168.1.1 - Maska podsieci: 255.255.255.0 **Sophos:** - Interfejs LAN: 192.168.1.79 - Interfejs WAN: 192.168.2.1 **Reguła wyjątku listy ACL usługi lokalnej:** - Strefa źródłowa: WAN - Sieć źródłowa…
  • Replaced firewall with xgs 2300 - video server playback not working

    We recently replaced all our xg230 with xgs 2300 firewalls. Geovision Video server is on a dmz with port forward rule and NAT rule. Remote playback and viewlog you can't connect to them. Live view works fine. Other sites no issues. Firewalls are setup…
  • A phone is receiving ip address of the firewall when it connects to the network

    Good day We have an XG 35 ON VERSION 20.0.1 There is a phone that is connecting to the network.. and when it connects the network it is getting 192.168.10.1 which is the ip addresss of the firewall .. Our DHCP is the firewall , and the DHCP pool…
  • Block WPS office

    Hello, there's a way to block "WPS Office" from download? many thanks best regards
  • Ausgehende FTPS-Verbindung nicht möglich (Sophos XG210)

    Hallo Zusammen, wir scheitern daran eine FTPS-Verbindung zum Datenaustausch über unsere Sophos XG210 zu einem FTP-Server im Internet aufzubauen. Laut Betreiber des Servers sollte es ausreichen zusätzlich zum FTP-Port 21 die verwendete Portrange im ausgehenden…
  • IPS not applying to policies

    Hi All Ive spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…
  • specific users to make use of just one of the ISPs

    Kindly help. I configured a load balance on two ISP links for my users. Among those users, I want some specific users to make use of just one of the ISPs only whole the rest use both.
  • SFOS 20.0 MR not showing any bandwidth in interfaces

    WAs used showing false bandwidth but after upgrading I get this: Anyone else experiencing this ?
  • Firewall rule - apply traffic with specific DSCP marking only - not works

    Hello everybody, I would have a question to the firewall rules and DSCP marking under "Other security features"... My Sophos instance is running in bridge mode in front of my router's WAN interface (with only one public IP). I apply the function " Scan…
  • Sophos XGS 107

    Guten Tag, ich habe ein Business LAN und ein Private VLAN aufgebaut. Der Drucker steht im Business LAN, ich möchte aus dem Privaten VLAN über iPhone "AirPrint" "Bonjour" auf dem Drucker drucken. Die FW Regel habe ich erstell, über die IP-Adresse…
  • How to exclude tightvnc from Risk or High Risk application list

    Hello All, I have added the "Block high risk (Risk level 4 and 5) apps" to the " Identify and control applications (App control)" part of Lan-To-Wan Firewall rule. With this in the La-To-Wan firewall rule, I can not connect to a remote computer, using…
  • Some computers cannot access Internet, some can

    Hi, we have suddenly a strange problem. We have an XGS136. We have two internal servers that need to be accessed from outside and the DNAT & NAT rules have been created accordingly. All the rules ( dnat, loopback, reflexive ) for the two servers are…
  • Block Impacket, psexec, Windows RCE

    Hello, Im doing some POC to chose the best firewall that have a good NGIPS. The default IPS profile was not able to block Impacket, psexec or any other Windows RCE. How can i made the IPS policy more strict for a LAN to LAN policy.
  • Configuring IP Spoof and DoS Protection without Blocking Outbound Internet Traffic

    Hello Team, I hope this message finds you well. I am writing to seek your assistance regarding a configuration issue I am facing with our sophos xgs firewall setup. We have recently configured traffic flow and firewall rules for inbound and outbound…
  • IPv6 - possible to configure the link-local-address (to fe80::1 for example) ?

    In the IPv6 training, a manually configured IPv6 link-local address for the gateway was considered "best practice". fe80::1 would be a good choice... Is it possible to configure this with sophos firewall? ...or why this should not be done? thx in a…