Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • make one LAN go out different WAN address

    hi all, i know you do this via SD WAN and SNAT policies, like below make two SD WANS "source networks" LAN 2 subnet > "SD WAN profile" choose the other WAN 2 address in drop down "source networks" LAN 1,3,4,5,6 subnets > "SD WAN profile" choose…
  • Sophos XG V19

    Hello, how can I configure my wireless to use a different ISP rather than the one used for my LAN.
  • BGP routing issue with AWS VPC

    We upgraded to V19 and I imported the XML file to create the STS VPN. The tunnels come up and the BGP routes are added to the routing table. The issue is with us working with a vendor on the VPM tunnel they have the same IP network setup on their side…
  • XG 19 SD WAN with NAT rules

    Our XG 19 has 2 ISP links. I created a NAT policy though the wizard which allows reaching a server on the LAN. this NAT policy is set to be available only on ISP1 - FiOS I also created an SD WAN policy for outbount connections to select ISP based…
  • SD Wan profiles and Wan Link Manager - differences?

    Hi I've not long ago upgraded the firewall to V19 in anticipation of the new SD-WAN profile settings that will hopefully manage our internet connections a bit more reliably. Up until now I've had them set up as failover in thte WAN link manager to…
  • SD WAN Profile Probe target for xfrm interface

    I have multiple XG 19 devices, and all of them have 2 ISP links. I created a full mesh IPSec VPN tunnel between every ISP on every device, and assigned IPs for each xfrm interface. <Site 1 ISP 1> to <Site 2 ISP 1> 10.11.21.1 <Site 1 ISP 1> to <Site…
  • SD-WAN Policy & Failover

    It sounds like I have a very specific use case that no one else has brought up in tutorials. I have two WAN links, one being the main gateway, and a LTE failover (we require this for our POS system). We consume a lot of data, and I don't want to overwhelm…
  • Route/Redirect specific traffic to other WAN Gateway

    Hi All I have three gateways 1 being my main and the 2 backup and would like to redirect traffic for specific service (Slack & MS Team) to my back lines.
  • M365 Service Object

    Hi, I've been looking at the new SD-WAN features in V19. The below video gives a great overview of how to configure various SD-WAN Policies. https://techvids.sophos.com/watch/wa9zCk2gTKVmiekmybyux7 The last section of the video shows how to set…
  • Routing over different IPSec tunnels based on source IP

    I have two different VLANs on my LAN (192.168.1.0/24 and 172.16.1.0/24) I have two IPSec tunnels both which have a destination subnet of 10.10.1.0/24 (this cannot be changed as it's a third party connection which uses public DNS records so cannot use…
  • Can't ping or browse devices connected to XG 125 firewall through unmanaged switch

    Hi there, I have no experience with Sophos firewalls. I recently purchased XG 125 for a small office. I have done the initial set up and the device is connected to the internet. I connected a level one switch (unmanaged) to the one of the LAN ports…
  • How to forward the traffic from all destination IP belong to 1 country

    Hi There, our firewall have 2 ISP network, if I want to forward the network traffic of all destination IP that is the range of china IP address to the china telecom this ISP , is that possible ? if so, how can i identify this destination ip is in china…
  • how to setup 3 wan with 3 network client without fail over/redundant/load balance in sophos xg 19

    hi how i can set wan 1 for netwock client 1, wan 2 for network client 2 and wan 3 for network client 3 in new firmware 19. i was try and try to setting route precedent from, static, sd-wan and vpn, also i change sd-wan, static and vpn but its not…
  • XG 19 SD WAN Application timeout

    I have XG V19 Firewalls and created a SD-WAN policy to handle traffic for Site 2 Site Route based IPSec VPN with xfrm interfaces. it works great, just some strange issue, many application that are used over that VPN timeout and crash after around 15…
  • SFOS 19: RED and OSPF every few minutes a new Election

    Hello Community, I have a Sophos Firewall (SFOS 19) which have a RED Tunnel to another Sophos Firewall (also SFOS 19). OSPF is in general working, but every few minutes both firewalls the Firewall initiates a new election, that will cause a interruption…
  • How to direct the traffic of OneDrive and Sharepoint access to another public network

    Hi There, We have a XG430 firewall with 2 different dedicated network, we want to route the traffic of Microsoft OneDrive and Sharepoint access to another network, as this network did not have so many access , can you show me how to do this in our firewall…
  • Migrate Internet on XG330

    Are there any technical guides or knowledge base articles related to migrating internet service from ISP1 to ISP2? I have multiple public IP addresses in use with my current ISP. On these public IP addresses I am connected to multiple remote locations…
  • Mismatched client gateway

    Setup Sophos XG 330: LAN Port 9 10.0.0.248/24 LAN Port 9.8 10.0.8.248/24 FIREWALL RULE: LAN any - LAN any ALLOW Port 9 plugged in Switch port 24 Layer3 Switch: VLAN 0 10.0.0.1/24 VLAN 8 10.0.8.1/24 Port 24 Trunk ALLOW ALL VLAN Port 1 VLAN=0 Port 2 VLAN…
  • Routing Problem with Sophos XG

    Hello, i have a problem and i hope you can help me: 1) I have a zone called >RED, with my REDs in branch offices (Ip-network: 192.168.41.1/24) 2) I have some destinitions which are connected with IP-Sec connections (IP-Network: 172.30.200.0/24…
  • OSPF version in XGS

    Hi, What version of OSPF the XGS firewalls support? I tryied to read in the papers product but there is no answer for that. The XGS 3300 has support for version 3 (RFC 2740)?
  • xgs - sdwan cli set policy routing

    hi all, have the xgs firewall and i can ssh into console via admin but whats the command to see what sd wan policy its using or whether its on and if need be, change it to sdwan first and then vpn thanks, rob
  • Routing capabilities of XG 430

    Hello, I apologize if this is a rookie question. I have 2 XG 430s in HA mode behind a Cisco 3900 router. ISP>Cisco>XG>Users My question is can we use the Firewall(s) for routing and eliminate the Cisco router? I believe it's only doing layer 3 routing…
  • VoIP communication problems over SD-WAN and IPsec-Interfaces

    Hi, We have several departments and connect them via IPsec “Tunnel Interfaces”. For each interface we set up a Gateway and configured a SD-WAN policy. This works for the most Services, but not for VoIP and Radius. The traffic is logged as allowed…
  • 4 Byte AS Number Support for BGP

    I am configuring BGP on a Sophos XG Firewall (18.5.2 MR-2-Build380). Our ISP has assigned a 4 Byte AS Number. For the purpose of this discussion, let's say it's 4000012345 (Binary: 1110 1110 0110 1011 0101 1000 0011 1001 ) The issue I'm having is…
  • TWO gateway internet

    Dears, I Have firewall SOPOHS XG230. I have two gateway to internet. when do rule LAN to WAN and select nat rule MASQ to access intenet. I want change internet gateway for some LAN's IP, how i can do it? some LAN access intenet from GW1 …