Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

  • IPsec Connection down

    I am configuring some IPsec vpn between my client's main office and 10 branch offices. In the main office I installed a Sophos xgs116 (SFOS 19.0.1 MR-1-Build365) to replace an old Zyxel Usg 300 and in the peripheral offices there are 8 Sophos XG85 (SFOS…
  • MTA RBL syntax

    XG310 (SFOS 19.0.1 MR-1-Build365) All documentation examples for MTA RBL show usage with hostname only. Is it allowed to add information on the types of answers to consider? Background: spamhaus.org has blocklists in 127.0.0.0/24, but returns error…
  • SSL VPN Only Blocking inbound Communication

    XGS4500 (SFOS 19.0.1 MR-1-Build365) Our SSL VPN stopped allowing two-way communications. We can ping the VPN Client IP from inside the network. Once the client connects, the client cannot communicate to anything (full tunnel). NSLOOKUP, PING, etc. …
  • XGS+REDs - PCs on RED network shown as PRIVATE, not domain

    Hi, I had an issue in this scenario: XGS with SFOS 19.0.1 MR-1-Build365 + 2 RED60, Server W2012R2. The REDs operation mode is set Standard/unified; REDs are in a RED Zone. Each RED as it's own DHCP range (set in Network|DHCP (to be able to add static…
  • MTA is rejecting all incoming mails due to blacklisting from spamhaus.org

    Since yesterday, all incoming external mails are rejected due to "RBL listing". However like outbound.protection.outlook.com they are not on any RBL if I check. This happens on both independent XG 19.0.1 I am using (Home Edition) Could the reason…
  • Extra options for sophos connect VPN client

    Hi all, I would want to make the sophos connect vpn client *not to* store the vpn profile, and download it every time. I've checked the documentation at https://docs.sophos.com/nsg/sophos-firewall/17.5/Help/en-us/webhelp/onlinehelp/nsg/sfos/concepts…
  • Very Strange issue has anyone seen anything like this? - XGS RED 60

    I can't make sense of this issue, any help / ideas would be much appreciated because i feel like I'm taking crazy pills <insert Mugatu> I have the following setup: XGS 2100 Site 1 (Latest Firmware) SG 115 Site 2 The sites are connected via…
  • IPsec site to site problems with 2 XG with Home Edition license

    Hi to all, Let me tell about the config that I'm testing: - Site A: XG 135 Rev 3 with Home Edition license. FTTH connection 1 Gbps symetrical. Network: 192.168.21.0/24 - Site B: XG 230 Rev 2 with Home Edition license. FTTH connection 300 Mbps…
  • Firewall Home - Anti Spam is Dead?

    Hey Guys, I installed the Home Version of the Firewall yesterday on my ProxMox Server and it seems to run fine for now. What i noticed today, the Antispam Service is dead: When trying to start it from the Services menu i get the message " Couldn…
  • IPS updates - old issues returning

    Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…
  • XGS116: Website does not load correctly

    Hello We have 2 Sophos XGS 116 and one website is not displayed correctly. The main.css file does not download or can't be encoded. I have created a ticket and already had a troubleshooting session with someone from Sophos. So far, we can't workaround…
  • Multiple CAA Clients Not Able To Connect At The Same Time

    Running into an issue and I'm at a loss to find the answer. Essentially when I first set up my XG firewall (Home User) I was able to successfully configure CAA access for all my endpoints and everything was working fine. About 2 weeks ago the firewall…
  • SD-WAN Profile failback with VPN Does not work.

    Hello Dear Partners! I configured an SD-WAN Scenario with Two VPN Tunnels and then created an SD-WAN Profiles. as the image below: I did the following Test I dropped the Main Link VPN_MTZ_1 and Sophos Quickly switched the Route to the Backup…
  • Open VPN cant connect to Sophos XG

    Hello, from one day to another I cant connect to XQ (latest Firmware). Opebn VPN sayes (I wil post only RED sections here): Fri Sep 2 15:43:48 2022 WARNING: Compression for receiving enabled. Compression has been used in the past to break encryption…
  • Sophos XG 450 - /var/newdb/base/16386 full

    Hey all :), our XG just notified us, that the disk is full. After a little search on Google I purged all available reports. Sadly it did not help. Is there something else i could do. Our Firewall is runnning the latest Firmware that is available 19…
  • Sophos Connect client unexpectedly logged out of the firewall

    XG Firewall version 19.0.1 MR1 build 365 and Sophos Connect 2.2.75 client are affected. After a successful IPSec connection, after a few hours, the user is unexpectedly logged out of the firewall. The IPSec connection itself continues to work, but any…
  • Central Accesspoints offline due to *.prod.hydra.sophos.com FQDN Host issue since 18.5 MR4 and also in 19.0 MR1

    There is an issue present is SFOS since 18.5 MR4 and still in SFOS 19.0.1 MR-1-Build365. We have a firewall rule that allows the required traffic from our AP and APX devices to Sophos Central. The Rule has *.prod.hydra.sophos.com as Wildcard FQDN…
  • Sophos Firewall: v19.0 MR1: IPS Update Question

    Hi, Not sure if this is a cosmetic issue, or something that needs further investigation - the IPS signatures are being reported in one part of the GUI as being old, but yet updated in another screen. Here it's showing Aug 26th But in this…
  • SFOS 19.0.1 Captive Portal not using singed certificate

    Updated Updated from SFOS 18.5.4 MR-4-Build418 to SFOS 19.0.1 MR-1-Build365 Captive portal is not using my uploaded signed certificate, Admin portal and user portal are using correct certificate. Same…
  • Client Authentication Agent not able to Login in Windows 8

    Dear all, We have recently upgraded firmware version v19.01 in our XGS2300 High Availability setup. After that we couldn't able to login into Firewall through Client Authentication Agent in particularly windows 8 devices and there is no problem in windows10…
  • PHP script for uploading Lets Encrypt certs is broken since 19.0 MR1

    Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…
  • SNAT Rule for IPSec Tunnel not working

    Hello Community, I have an IPsec Tunnel with the Firewall IP (192.168.0.1) on local site and a Webserver (192.168.100.100) on remote site. The Tunnel is established. On local site I have a 2nd system (192.168.0.2), that should have access to the Webserver…
  • Unable to access Sophos XG when over remote SSL VPN with static IP

    I have created an ACL to allow myself access to my Sophos XG when I connect in using remote SSL VPN. It has always worked fine, but after enabling the use of a static IP, I can no longer access the sophos XG over HTTPS. I can access other devices on my…
  • SSL VPN locks user on failed password

    Hi, Using XGS 6500 with Sophos connect client (2.1/2.2). If someone mistypes their password just once whilst logging in to the VPN it locks the AD account. AD logs suggest 4 failed attempts by the firewall to authenticate against 2 domain controllers…
  • SSL VPN clients disconnecting right at 8 hours.

    Have a strange issue where anyone connected via the SSL VPN (Sophos Connect) will disconnect right at 8 hours. I've already checked the settings under Authentication > Services and they are set past 8 hours. Under Maximum Session time-out it is at "Unlimited…