Browse By Tags

  • No access with only ping and SMB - VPN IPsec site to site

    Hi all, today I have a weird problem! I have a VPN IPsec connection between HQ and BO. There are a few protocols allowed between the two LANs, but all access is initiated from HQ, like RDP, ping or access to the share folder (SMB). So everything working…
  • Drop rule shows Accepted traffic in firewall AND proxy.

    Referencing this: https://community.sophos.com/sophos-xg-firewall/f/discussions/125695/bug-drop-rule-reporting-allowed-connection-in-logs And this: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Logs…
  • XG Firewall Apple TV+ Connection Issues

    Ok, so I decided to give Apple TV+ a try. I am aware of how finicky Apple products can be, but decided to give it a whirl anyway. Perhaps I'm beating a dead horse on this. The first issue was the XG blocking QUIC, once I allowed QUIC, streaming seemed…
  • Local ACL Violation

    Hello, I'm running a web server on port 443 in the DMZ zone with another service running on port 7xxx. I can browse the web page because of the WAF rule, but I cannot connect to the service on port 7xxx from WAN. Packet capture shows ACL Violation Show…
  • DNS in an emergency rule setup

    Good day everyone! I am currently implementing an emergency firewall ruleset, which looks like this: - Allow all communications towards sophos central (for Live Response etc. to work) - Allow all communications coming from the physical Management…
  • Sophos Firewall: How to block advertisement on web via web filtering

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Create a Web Policy Firewall…
  • I am not able to edit a new firewall rule

    I have added a new firewall rule, but now I can't edit it. Please see the attached image, it appears to be blocked, I can't even select it.
  • How to block random login attempts on our server.

    How to block random login attempts on our server.
  • How to create a rule for FTP

    I have an internal server. I need to access it from an external network with FTP
  • Failure to access intranet sites

    Hi All, I have a challenge accessing intranet sites. Intranet sites have to be added to browser proxy server exceptions, else they are flagged as not available…
  • Sophos Central Firewall Rules

    I can't find any exact documentation on this. The first time I created a group with my first firewall, the group seemed to adopt that firewall's ruleset and DNS setup without any prompt - it just did it. So, I've tried this again with a new group,…
  • Set up IMAP/POP EMail Scans

    Hello, I am trying to set up IMAPs/POPs/SMTPs Settings in an XGS running SFOS 19.0.1 In general there is an external Mail Server and in the local network behind the XGS there are Outlook Clients that connect to the Mailserver via IMAP 993 and SMTP…
  • Why can this user or computer access the internet?!

    Hello All, With Sophos XG in the company, AD authentication (STAS and CAA). I have maybe 40 rules FW LAN > WAN, but all these rules are with "match known users", so users or groups are present; there is no rule which allows mac@ pc or ip address…
  • STAS issues with Web protection Policy

    Hello, I have a big problem at a customer site. We switched from UTM to Sophos XGS. We have configured STAS. There is a rule for Internet HTTP/HTTPS access. The rule is open for everyone. I have configured a Web protection Policy. On top everybody…
  • Sophos Firewall: How to restrict Gmail access to a custom domain

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Add a firewall rule Allow…
  • Force DNS to LAN PiHole XG Home 19

    I had this working in Untangle for years, then switched to OPNsense for a few weeks and got it working, now I've decided to go with Sophos but I'm stuck. (Loving Sophos XG, btw.) I have two PiHoles running on my LAN and want to force/redirect all…
  • LOCAL_ACL Violation IPSEC VPN

    Hi, I set up an IPsec VPN but I am getting Local_ACL violations... I want to access it from my LAN PC 172.16.16.19 The Firewalls WAN IP is 192.168.178.50 Traffic is allowed I only added 1 Firewall-Rule. I pass everything to everything... …
  • Site2Site Tunnel with unexpected gateway

    Hi, all. I have a Site2Site IPsec Tunnel (both are Sophos XG with actual version). Both sites have 1 LAN on their adapter. Working so far. One site 172.30.1.0/24, other site 10.10.10.0/29 (Sophos 10.10.10.1). Now I added a new small LAN to the one…
  • Site to Site SSL VPN cannot connect with another LAN

    Hello Expert, I have an issue with Site to Site SSL VPN connecting with another LAN (File Share Server). I've tried many times to connect with the server but without success. My issue is PC2 cannot access (ping/trace route) the File Share Server (ip…
  • NAT CONFIGURATION

    When I try to save the NAT configuration it shows "Original and translated services don't match" and I am not able to store that. Any idea why? What am I doing wrong?
  • Access to webserver (VPS): http://vcTerminal.company.com:9595

    Hi all, I have an XG firewall. I can't access this VPS (in object). I just firstly made a firewall rule: source zone: lan destination zone: wan networks source: Any network destination: any services: http web policy: url list with only "…
  • Allow SFTP: id proto from LAN to WAN

    Hi all, XG Firewall. I just need to know about allowing SFTP traffic from LAN to WAN. A group of users needs to upload files to a partner SFTP server located on WAN (WEB). The SFTP server is already configured and my public IP is allowed to access this…
  • Blocking UDP 500 to external networks without impacting a site-to-site tunnel

    Hello, we’ve had an external PCI compliance scan done on our network. It brought up UDP port 500 being in an open state and visible from external networks. We don’t have any active SSL VPNs besides a site-to-site tunnel going to one of our other branches…
  • MAC Filtering - Sophos XGS

    Hello All, We have a requirement to use MAC filtering for a few clients which are connected to Sophos XGS via a core switch. The objective is that if traffic comes from a specific MAC address, it needs filtering applied. Is that possible, as I have seen below…
  • Email blocked with web filtering

    We have a Sophos XG 310, firmware v19.0.1. The firewall is blocking emails with web filtering. We have not configured any policy to block emails; instead we configured a policy to allow outlook.com, office 365. But if we put web filtering on the firewall…