  • Web Filter looking for wrong certificate

    Hello, I was using a local CA certificate for Web Filter, it was working as expected but yesterday the certificate expired, so I renewed it, deleted the old expired certificate and imported the new one but now the XG is ignoring it and trying to use…
  • Sophos Firewall: Certificate Renewals with WAF and Cloudflare

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. …
  • Unable to delete expired Certificate Authorities

    Trying to delete some expired Certificate Authorities that are no longer used by any of our WAF rules, but receive "Certificate authority could not be deleted". Using WinSCP and navigating to /conf/certificate/cacerts/, the certificate authorities…
  • Letsencrypt API Update Script - dynamically handles multiple certs, multiple rules, including re-grouping of policies rules

    I wanted a way to auto update my letsencrypt certificates for use on my XG firewall and WAF rules. I developed this script to handle multiple certificates, and to be as dynamic as possible. The approach I took to achieve this is the following: 1) Within…
  • Can I buy Comodo positive ssl for webadmin login?

    I just want to get a certificate for the webadmin login. What are the brands that I can buy? Will Comodo Positive SSL work?
  • How to remove the certificate errors for webadmin and captive portal authentication pages

    I have followed closely step by step on this KB. https://support.sophos.com/support/s/article/KB-000036904?language=en_U I still cannot get rid of the Not secure warning by the browser. Am I missing something here? Or do I need to buy my own CA…
  • Sophos Firewall: Uninstall the SSL CA certificate

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Untrusting & Uninstalling…
  • No heartbeat sessions - SSL error: SSL routines:ssl3_read_bytes tlsv1 alert internal error

    At a small remote site, there is an XG HA pair. Since Aug 22 Heartbeat is no longer working there. XG106_XN01_ SFOS 18.0.5 MR-5-Build586 We receive an informational mail on the same day (Aug 22) : So 22.08.2021 02:11 You are receiving this…
  • Certificate error while creating IPSec VPN

    Hi, I'm trying to create an IPSec VPN Connection. I followed this guide -> docs.sophos.com/.../VPNIPsecSophosConnectClient.html But when I click the "Apply" button, this error message shows up "'undefined' remote certificate has expired or…
  • Two Sophos XG sharing same clients certificates, how to??

    Hello, we have two Sophos XG in different locations; each one has different ports and configuration. Our users use Android and Windows agents to access the internet. The problem is that the two XGs have different client certificates, so when user move…
  • Download Certificate as p12

    Since SFOS 18.0.5 (18 MR5) it is no longer possible to download self-signed certificates as .p12-certificate (certificate with private-key). It is only possible to download the certificate as .crt without private-key. Does anyone have an idea how…
  • SFOS 18.0.5 MR 5 - Certificate Could Not Be Generated

    Howdy, Can someone please tell me where the log files for certificate import are located on SFOS 18.5? I'm trying to import a wildcard certificate that's been exported from a Windows Server as .pfx (just the certificate, not the certificate chain…
  • Adding a SSL Certificate (e.g. for the User Portal) does not work.

    Hello. I would like to install an SSL certificate for my User Portal to avoid a certificate warning in the browser when accessing the User Portal via the Internet (https). I already know this tutorial: https://docs.sophos.com/nsg/sophos-firewall/18.0/Help…
  • Generating a certificate signing request (CSR) not possible in XG Home

    Hello, I am currently testing the XG Firewall as a VM/software with a Home license. I would now like to install a certificate for the portal (admin and user); however, in the "Certificates" -> Add area, the action "Certificate signing request…
  • SSL Inspection (imported list of Root CA/Intermediate CA)

    Hello, I'm wondering how Sophos XG validates the certificate chain (web surfing SSL inspection). We use web policies with "block invalid certificates" on a newly installed Sophos XG for a customer. Normally, we don't see a lot of blocked websites due to…
  • SSL certificate is not selectable for admin console and end-user interaction

    Hi all, I do have a problem installing/using a signed SSL cert for securing HTTP access to the admin panel and user interface. What I did: I created a CSR in Sophos XG (18.0.5). I used the CSR to order an officially signed SSL cert after verification…
  • CA certificates being rejected in error? (If so, how to report.)

    We're having issues with some Ring Central pages being blocked. You'll see an error like: But the certificate details look reasonable to me. In the SGX I find: The certificate in the block message looks the same as the second certificate to me,…
  • SFOS V18 breaks the Pocket Guide for using Digital Certificates in IPSEC VPN connections

    I've noticed that in SFOS V18 downloaded certs are now in CRT instead of PEM format. Strangely enough, when you upload certificates into a V18 appliance it doesn't expect a CRT file. Additional work needs to be done with converters before it can be used…
  • IPsec Client VPN Certificate problem

    Hi there, Our IPsec VPN Client was working fine but suddenly it stopped working giving this error 'Filed to established child SA' knowing that the SSL client VPN is working fine. In the Admin page of Sophos VPN it says ' 'undefined' remote certificate…
  • Cannot Change ApplianceCertificate

    I would like to set up Sophos Network Agent for authentication to a Wi-Fi network on iOS. Followed this guide to generate self signed cert: https://support.sophos.com/support/s/article/KB-000038295?language=en_US But when I get to Step #4, I only see…
  • 1. IPSec tunnel down/up every 2 hours, 2. iE shows errors at the remote site with XG

    Hello dear community, for a good half year I have had massive problems with one of my XGs. I must first say that I had absolutely no idea about Sophos when I came to my new employer, and the first thing they wanted was to get rid of the old UTMs…
  • How Sophos (or firewalls) determine that a certificate is invalid?

    Hello everyone, Recently, I have been experiencing some issues for having HTTPS scanning/decrypting active in the rules on my network. For some reason, when I try to access some websites I got a Sophos block message saying that the certificate its…
  • Adding Certificates

    Good day. I would like to ask for your assistance about adding an updated certificate to publish my webserver. When I try to add a certificate, it will not show up on my Business application rule>>>> Https Certificate Entries. I uploaded the .dem file…
  • Webadmin Certificate Error NET::ERR_CERT_COMMON_NAME_INVALID

    On my Windows machine I have installed the "Default" CA as well as the Appliance certificate (which I am also using for SSL/TLS inspection and SSLVPN). When I try to go to the IP address of the firewall I get this error: NET::ERR_CERT_COMMON_NAME_INVALID…
  • LDAP certificates - Google Workspace

    Hi all, this was asked previously in https://community.sophos.com/sophos-xg-firewall/f/discussions/119909/sophos-xg-user-authentication-with-g-suite-ldap , but it looked like the thread went dead without ever getting a conclusive answer. I've utilised…