Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • Routing from WAN to LAN - Some help needed

    Hello everybody, I need some help here. I recently migrated from pfSense to Sophos XG home and I really like it, but I have some trouble getting my routing configured. Basically I want to configure remote access to my media servers. What I did is…
  • Zugriff von Standort A über VPN auf spezielle externe IP-Adresse über Feste-IP von Standort B

    Hallo zusammen, ich probiere hier schon ewig rum, evtl. kann mir von euch jemand einen Tipp geben. Welches Problem habe ich? <Client> -> <SITE A> -> <IPSec-VPN> -> <SITE B> -> <STATIC EXTERNAL IP> -> <Backend> Ich müsste vom Standort A über den VPN…
  • Best practice for protecting a business centre with multiple clients

    Hi all, we have taken on a business centre as a client. They have a draytek firewall that has a primary and secondary internet connection but there is no segregation of the network between clients. All clients connect into the same network switches on…
  • When ISP modem in router mode - whats the best setup for XG WAN?

    Hi all - we are new to Sophos XG firewalls. We have a client that has a vodafone vDSL router that when put it in bridge mode, the Sophos XG won't connect to it for some reason. It seems we can only retain internet connectivity if the Vodafone device is…
  • Need help settings up a Sophos XG router on a DOT network

    Basically i currently have a DOT system (Digital Office Technology) with a router that handles all phones so i can't get rid of it, i would like to setup the Sophos XG behind this router and also use it to do my VPN, is this possible? What is the best…
  • XG Blocking DNS Lookup - DNS Request Timeout Error

    Hi all, I recently tried to point our DNS servers to our XG230 but when I run an nslookup I'm receiving the error "dns request timed out. timeout was 2 seconds". Our setup is pretty simple. We have 2 x Windows 2012 DNS servers. Each server points…
  • Layer 3 switch and ipsec problem: connections denied and UNREPLIED from remote site but ping work

    Hello, i have this nasty problem and i don't know to bang my head anymore. I cannot reach a device on a remote site from HQ site and another remote site via IPSEC. Topology: Introduction: i have 4 XG in 4 location and a HUB-SPOKE IPSEC VPN setup…
  • Route Remote site through Site 2 Site tunnel in order to access host

    Here is our current setup - We have 3 sites, remote site is 192.168.0.0, HQ is 192.168.1.0, and a site to site tunnel to a hosting site where we access one host (192.168.216.3). The tunnel is configured between HQ and the hosting company, that connection…
  • Why no inbound traffic on an IPsec site-to-site VPN using pre-shared key between SOPHOS to Sonicwall

    Hello, We have an IPSec site-to-site VPN which is Active and Connected but we're not getting any inbound traffic, we can't ping from the Remote to any Local IP's but it works the other way around. Tried a bunch of different combinations of Policy…
  • Traffic not routing back to tun0 with SSL VPN

    Sophos XG 210 is NOT the default gateway on my current LAN, nor should it be. Port 1 - 192.168.10.2/24 & 192.168.200.2/24 Port 2 - Public WAN IPs SSL VPN 10.10.200.20/24 I am able to successfully connect to the SSL VPN, using LDAP (AD) authentication…
  • VPN Verbindung von WLAN ins LAN

    Wir haben eine Firewall XG. Mit dem SSL VPN Client verbinden wir uns ins LAN. Das funktioniert soweit. Nun haben wir auf der Firewall einen weiteren Port auf dem das WLAN in einem anderen Subnetz liegt. Das WLAN hat keinen Zugriff auf das LAN. Um vom…
  • Remote SSL VPN to IPSEC Site2Site VPNs

    Have setup SSL Remote VPN Connects fine and is able to access the LAN of the XG What i want to achieve is to be able to access IPSEC VPNs to other remote LANs via the XG. I have tried setting the VPN settings to use as default gateway and adding…
  • Sophos XG redirecting ping

    Hi. I have a problem with connectivity between two subnets on my sophos XG. The Sophos XG is my router and firewall and have 2 interfaces, one for wan and one for LAN. The LAN interface has 3 alias with 3 subnets, lets say 10.1.1.0/24, 10.1.2.0/24 and…
  • Routing ins WAN/Internet funktioniert nicht

    Hallo liebe Community, egal aus welchem Netz ich komme, die Sophos routet nicht ins WAN-Netz/Internet weiter. WAF und der Ping von der Sophos ins Internet klappt ohne Probleme, Default Route hat er auch das richtige Gateway. Schnittstellen…
  • Windows update on secondary / backup link

    We have 2 x WAN links, one as a primary the second as a backup. we have found windows update killing our primary link of late so would like to send all windows update based traffic on the secondary/backup link. We are running a Sophos XG 16.05.8 MR…
  • Force specific websites through VPN tunnel?

    We utilize Azure for a number of things, one of which is housing certain databases and applications. Folks who work remotely and use the VPN to access our internal resources are not able to access these Azure resources because of IP filters we have in…
  • Planning a 4G Backup WAN Link with custom firewall rules

    So, we have a 4G SimpliFi system hooked up as a Backup WAN Link. We've tested this, works GREAT! However, we've identified that in the event of a WAN failover to our backup link, we want to only deliver Internet access to those services we've deemed critical…
  • Force traffic from a specific IP/IP range go throught a remote proxy server

    Hi Not sure how to archvie this. What should I do to transpartently route all traffic from a specific TV box via a remote proxy server on the Internet? for example a TV box watch Netflix outside US. Policy routing ? Thanks
  • RED 15 with windows DHCP

    We are testing a RED 15 for a new branch office, here is what I would need. Main office: XG210 configured and running no issues here Branch office: (will have) 4 users 4 VOIP shoretel phone that have to connect to server at main office 4 desktops…
  • PPTP VPN cant passthrough behind mikrotik (transparant mode)

    Hi All, i wanna ask about VPN PPTP behind mikrotik not reach the destination (transparant mode), can someone give another information? actually the user can get IP VPN from mikrotik but they cant ping the server (destination) i already read about…
  • XG Active Passive HA Cluster Not Working

    I have two XG210's that I am attempting to configure in Active/Passive HA. I followed the instructions here: https://community.sophos.com/kb/en-us/123174 The firmware on both is 17.03 M3 I configure all the settings and it syncs successfully, however…
  • Accessing Local subnet over Remote SSL VPN Range network

    Created SSL VPN by following the KB122769 with the following settings: IP Host - Local subnet 192.168.3.0 IP Host - VPN Range 10.10.10.1 to .25 Under SSL VPN (Remote Access) I have Identity of Remote SSL Group and under Tunnel Access I have added…
  • RED15w does not receive WLAN config from XG (SFOS 17.0.3 MR-3)

    Hi all Just a perhaps simple question: New XG installation with 7 branches (6 Red15w and 1 Red50), all RED's work in standard / split mode and are in the LAN zone. The connection and routing between the branches works fine. The WLAN configuration in…
  • Multiple Nics und Subnets

    Hallo zusammen, ich habe seit paar Tagen die UTM9 installiert und bin noch dabei mich damit zurechtzufinden. So sieht mein Setup aus: Internet ---- Speedport ---- Sophos UTM (4 Nics) --- PC --- NAS --- WiFi AP --- WAN Leider war es mir bisher nicht…
  • Is that possible to let a interface with 2 IP addresses?

    I am going to let a SOPHOS XG310 Lan interface to own two Lan Ip addresses as Client Gateway. Is that possible? The reason for my case is that my client currently is in an asymmetric routing problem which some hosts' gateway are to Sonicwall (192.168…