Browse By Tags

  • Access Web Server externally error (You do not have permission to...)

    Hi There, So we have an XG Firewall setup, running "SFOS 17.1.2 MR-2", have been trying today to get a server on the LAN which hosts a web interface to be accessible externally, documentation for this server says it requires a Reverse Proxy setup…
  • Creating a new Business Application Rule hangs the screen

    I need assistance with creating Business Application Rules for Exchange General and Exchange Autodiscover. I can create User/Network Rules without freezing the screen but when I choose the option for Business Application Rule, it gives the list to choose…
  • WAF for Plex Media Server - 401 Unauthorized

    Hello Guys, at the moment I'm struggling with the WAF on the XG Firewall. I want to configure a WAF for my Plex Media Server. The Problem at the moment is, if I'm trying to access to Plex from external I get the HTTP Message: 401 Unauthorized. I…
  • I can not access my PBX from WAN

    Hello everyone. Since I upgraded my device to version 17.0.8 MR-8 I have lost remote access to the extensions of my PBX. In the version I had before updating (now I do not remember what version it was) when creating the rules in the firewall I could…
  • Web access policy fails if tech support runs an application as an admin on user's PC

    Hello guys, We have implemented STAS authentication in our environment. Our web policy provides Tech support employees access to browse video hosting websites e.g. YouTube, but the same category has been blocked for other people. When some non tech support…
  • Can't access Exchange OWA

    Hi, I got a Sophos XG 17 with an Exchange server on a local IP address that I want to access from the WAN. But with the Exchange general rule I can't access it from the WAN or the LAN. I just get a Sophos login prompt: I can send mail and receive mail…
  • IpHost/IpHostGroup objects added via API never available to Firewall rules

    Hi All, I added the following IpHost / IpHostGroup objects via API -- which are accepted and created in the system -- with the following payload: <?xml version="1.0" encoding="UTF-8"?> <Configuration APIVersion="1700.1"> <IPHost transactionid…
  • Mail and other client for e-mail - SMTP error

    Hi all! Recently, a firewall of your brand was installed in my office. Unfortunately, my colleagues and I find problems when sending mail with various clients (for example, Mail, Thunderbird, etc.). The error that is restituted refers to problems related…
  • Webserver Protection / Firewall Rule / deny access to special directory

    Hello, I'm running a Univention Server behind the XG with the Webserver Protection - it works :-) But - I want to deny the access to: https://www.domain.de /univention/portal/ I tried -> Protection Policies -> Static URL Hardening but as…
  • Unable to Get Remote Desktop Rules to Work

    I have been pulling my hair out for a week trying to get my CEO's Remote Desktop to connect at all with no success. Our practice has been to use a port other than 3389. For example, I change the listening port to 3410 on the CEO's machine, and setup…
  • Firewall Rule Changes disconnect all traffic

    Hi, When I make a change to an (unrelated) firewall rule, particularly a WAF rule, the firewall will disconnect all sessions for all rules/sites for a few seconds. This happens for all of our hosted websites. For example: 1. Make a change to Website…
  • Explanation or guide on reflexive rule

    Hello Guys! I can not find any guide explaining exactly how the "reflexive rule" in the "Business Application Rule" works. If there is already a "lan to wan" or "dmz to wan" rule that authorizes all outgoing traffic to the Internet, what is the…
  • "Hot Standby" option in Path-specific routing

    Does anyone know how the "Hot-Standby" option works inside a Business Application Rule on the XG? This is under the "Path-specific routing" inside the rule. The information from the help guide says "(Optional) 'Enable hot…
  • Firewall Rules

    Is there a preference between creating a Business Application Rule vs a User/Network Rule? When to use either because they appear to be very similar when created.
  • Business Application Rule - Bidirectional

    Hello, I have another question regarding the business rule creation, when created does this rule automatically create a bidirectional rule by default or must I check "Create Reflexive Rule" to allow traffic to flow in both directions? Also when would…
  • SG17, help with setting inbound port translation as a part of a DNAT?

    I'm not sure what I'm doing wrong or if this is a bug in SG17. I am trying to nat an inbound destination ip and port from the WAN address and WAN port to an internal server and a different port. eg. Before DNAT: src IP: ANY src tcp port: ANY…
  • Guest wireless network access issue

    I am going to try to explain this the best I can. We have a Mitel phone system and we use the MiCollab app for cell phones and tablets and it works great when we are on the internal network and out the office on a cellular network or home Wi-Fi. The…
  • Time-Based WAF-Rule possible on XG Firewall ?

    Hi Folks! I have an interesting question due to a request from one of my customers. He asks me whether there is a possibility to limit Access to Outlook-Anywhere outside of normal Work-Hours. Background of the question is that the CEO wants to prevent…
  • WAF domain entry with wildcard in the name

    Hello Guys I'm currently testing the WAF to protect internal Web-Servers. With UTM 9, it was possible to configure a wildcard name for the responsible domains, like *.domain.ch as this covers all subnames like www.domain.ch, test.domain.ch and so on…
  • Is it possible to forward traffic to specific interface?

    Hi, We're creating a DNAT rule to forward the traffic from a public IP that is configured as an Alias in the Port8 of our XG firewall. All the traffic that enters the Port8 will be forwarded to Port7 that has the 172.16.16.1/24 IP. As you know…
  • Confirming/Monitoring NAT rules

    We are troubleshooting some strange TLS connection issues from multiple internal servers that are NAT'd to a DMZ address. Is there any way to show the translations in a live running log format, or even confirm them one-by-one that they are working? …
  • XG550 NAT - Not sure if it is working correctly

    Hi, I wonder if I can get some help on doing a NAT for our Video Conferencing unit. I am new to the XG550 and had tried to find out how exactly it's done but it does not seem to work. It would be great if anyone can advise on my setup and any help…
  • Allowing RDP to internal server.

    Hi all, I want to allow RDP to a single server in our LAN zone but I'm not entirely sure if the rule I'm creating is OK or not. So I hope you guys can give me a hand with this. - Eth1 is our WAN interface. - When I have to use " Rewrite source…
  • Cannot Get Exchange WAF Rules to Work for Outlook Anywhere or Outlook Web Access (OWA). Outlook Mobile Access and Autodiscover work.

    I'll start by saying I attempted to replace my aging Forefront TMG 2010 server this past weekend with an XG310 running firmware 16.05 and after 6 hours of fighting with the Exchange rules I gave up and reverted back to the TMG. I have already gone…
  • VOIP Setup with static IP

    Hi All, We've got an AdTran on the DMZ port of our XG 135 (running 16.05.1 MR-1). I've got a Business Application Rule forwarding all coming into that Static IP to the AdTran on the DMZ. VOIP is working and audio traffic is passing, but we're getting…