Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • How to enforce TLS negotiation for any SMTP traffic?

    Hello, as from here I can configure "Require sender email domains" to enforce TLS negotiation ( whitelisting ). Beside this I can configure "Skip TLS negotiation" ( blacklisting ). For compliance and legal reason I need to configure TLS negotiation…
  • Please advise how to block spam messages while using imaps and how to get smtp into the logviewer?

    Hi folks, a while ago I had issues with SASI not logging all iMaps traffic. The issue has been partially resolved by changing firewall mail rules. A new issue is I receive over 1000 spam messages a day from the same sites via the mail post office…
  • Web Server Protection stopped working

    Hello guys! I have a home server running a few services on port 80 and 2-3 other ports I also have dyndns (3 hostnames) and have been using waf to connect to those 3 services without the need to enter a port in the url (There are also a couple of…
  • Seting up webserver protection with https -> http

    Hi, I would like to setup a Webserver protection using the WebServer and HTTPS to the Sophos FW, but behind the Firewal, I want to use HTTP. Could anyone tell me how to setup that? I can see how to setup for HTTPS, but I am not sure how to send it using…
  • TLS Inspection Upload Speeds

    This is partly a question, partly a what's other peoples experience with this Doing some heavy speedtest loads on an XGS136 and an XG 135 and while both units with TLS inspection on will do 800mbps+ on the download they will only do 190mbps(XGS136)…
  • Web filter with content filter strange behavior

    I'm trying to test the web filter with a content filter and am experiencing unexpected behavior. I've created a blocked terms list with the following term: and uploaded it to a content filter called blocked_terms. I've also set up a web filter policy…
  • WAF wkth https not working

    Hallo everyone, I am facing with an issue in sophos XG with web server protection. I have created a WAF rule and redirect my alias ip to my webserver through HTTPS 443 select my certificate *company.com and add my webserver host my company.com but…
  • Is there a way to synchronise the web filtering set on the firewall to the rules set on endpoint ?

    Hi all, So we have Sophos XG Firewall as well as the Sophos endpoint client for A/V, web filter etc etc... The issue I am having is that we have more detailed filtering at the firewall level so no issues when users are connected to the work network…
  • Keyword blocking not working with DPI engine enabled.

    Is it expected behaviour for url keyword blocking not to work when DPI is enabled? See below for an example: I created the following category: With the following user activity: which I added to the following web policy However, when…
  • Issue with Host-Based Relay on Sophos XGS 3300 is not working

    I am currently facing issue with the host-based relay on our Sophos XGS 3300 firewall. As per our configuration, I have allowed specific hosts to send emails, while denying access to other hosts. However, it has come to my notice that some denied hosts…
  • Quarantäne Ausnahmen

    Hallo, ich bin auf der Suche nach einer Möglichkeit um bestimmte Absender von der Quarantäne auszunehmen. Mir wurde von unserem Servicedienstleister mitgeteilt das ginge nur über [Release & Report] Das kann doch aber nicht sein das wir hier selbst…
  • Sophos XGS | TLS/SSL Encryption - SFIRM

    Hallo, ich habe mit einer Sophos XGS 2100 im HA ein Problem mit der SSL / TLS Encryption. Wir benutzen das Programm SFIRM, welches Probleme mit der Encryption hat. Ich habe dementsprechend Kontakt mit dem Sparkassen-Support aufgenommen und die…
  • Sophos XGS Webfilter and Sophos Central Webfilter

    hello, How does a computer behave when it is in the firewall network but is also supposed to use and utilize various web policies via Sophos Endpoint Protection? The firewall also has a web filter that has been rolled out to different users and PCs…
  • WAF SSL Certificate Problem

    Dear All, I am facing with a Problem in sophos xg web server Protection, I have created all needed ruls and upload the ssl certificat to xg but in web application rule under the Host server when I select the HTTPS in the dropdaown menu I dont see me…
  • Exchange Enhanced Protection with SSL WAF

    So i know this topic has been discussed before but no one puts in a complete answer so going to ask it again. After enabling Exchang enhanced protection OWA externall breaks. I know this is due to the SSL offloading as this is mentioned in several posts…
  • Bloqueio a autenticação dos sites gov.br

    Prezados, utilizamos o Sophos XG 135, com ultimo firmware aplicado. Estou tendo problemas ao atutenticar nos sites do gov.br Como exemplo a URL: https://sso.acesso.gov.br/login?client_id=www.gov.br&authorization_id=18d47433c8d Recebo aviso de…
  • Sophos Firewall blocking outgoing IPv6 SMTP traffic

    Hello, I'm trying to configure SMTP on Sophos Firewall ( SFOS 20.0.0 GA-Build222) : everything is running smoothly in IPv4, but Firewall is blocking outgoing IPv6 SMTP traffic : I tried to define all kinds of (IPv6) rules to allow this traffic…
  • Caching Web Content XGS4500 (SFOS 19.5.3 )?

    Hello, I have a problem with our Firewall. We have a service Provider who takes care of our website, which is hosted by them. When they do any changes on the website, I cannot see these changes while connected to the internet through our firewall. If…
  • DPI vs Web Proxy

    Hello everyone, At the moment we are thinking about changing from Web Proxy to DPI on XG 230. As I understood from public documentation, there are some features, only supported with Web Proxy mode, but we are not using any of these currently. Therefore…
  • Problems with MTA traffic in an internal Test Network

    Hi everyone! we have a problem that we can't solve. We have two MTA servers in our network: the production one and one in the Test Net. We have recently migrated from SG to XG, and since the migration, we are no longer able to send Emails within the…
  • Web Server Protection: Dependency Error

    Hello! I'm trying to setup a Web Server Protection Rule for my home automation system. I have a lot of other WAF rules which work perfectly. I'm only having trouble with this one rule, where I get the following error: I just can't get this rule…
  • XGS Blocking Email Images on Apple Devices

    Got a nagging but not serious problem (I bet it's not really a problem) On my client networks, if a user has an Apple device, any email they check on that device while on my networks will not load images in an email automatically. [insert snide remarks…
  • Make specific URL with parameters available to the public and simplify it

    Hi there, we have an internal URL (like server1/.../access.php This link is designed to be accessed directly from the Internet and we would like to make it available to the public. But as this link is quite complicated and as it might reveal details…
  • Dringend: Sophos XG intercepts SMTP

    Hallo, ich habe eine XG im MTA Mode. Die "Auto added firewall policy for MTA" ist default und wurde nicht angefasst. Unter Administration --> Device Access ist das SMTP Relay auf internal sowie WAN an, da anders irgendwie der Sophos MTA keine…
  • thinking on moving over to sophos xg

    Hi everyone. I'm currently with arista/untangle & thinking on switching over to sophos xg. I have some questions though about the firewall. One thing i use quite a bit with arista is their content filtering (which is why i'm not going to go with pfsense…