Hello,
We have the problem that users who work from home and only have an IPV6 address cannot use the WAF rules and web server access.
Can we allow "any IPV6"? "any IPV4" is allowed. What would be the best approach here?
Thank You!
Good day
we have configured Web filtering to block peer to peer and torrents... but we still can access the Pirate bay website.. I have also added a category to block the urls , but we still can access the sites.. we tryed opening on private browser…
Hi there,
we want to open the url: https://procurement.cern.ch and get the error: 502 Bad Gateway.
If I open the URL without our firewall ( at home...) the website will open !
So the problem is our Firewall with SFOS 20.0.0 GA Build 222.
I also…
Hi there,
is it possible to create an exception for a filetype that should be allowed on a specific website only? We have a webpolicy, that restricts filetypes based on file type category. We want to allow one of that types for a certain website.…
XG SFVH (SFOS 20.0.0 GA-Build222)
I have set up a web policy with quota for gaming. I would like it to disconnect user from site after time is used. The way it works now is the user can continue playing as long as they logged in before the quota time…
Hi,
I need advice how to Deny Direct IP access from browser. So, it only allow access by domain-name.
How it done through Sophos Firewall configuration rule?
I use Sophos XG 310, SFOS v20.0
Thanks
Hi everyone, is it possible to disable logging for specific (url) categories? For example disable logging for
Health & Medicines
Financial services
I'm new to sophos firewalls and as far as I know it's only possible to add one web policy to…
Hello,
I have set up an XGS136 SFOS 20.0.0 at an customer with an OnPrem Exchange 2016, of course set it up with MTA Mode / Reverse Proxy (Thanks for the 1MB Size Limit that is forbidden to edit...) and I am facing issues to set up Quarantine Digests…
Hallo Community,
ich habe heute ein Problem mit dem Versand von Quarantine Digest E-Mails festgestellt bzw. eigentlich sogar zwei:
1) Ein User bekam heute einen Digest mit dem Hinweis auf eine Mail, die am 05.Oktober 2023 (!) kam und in der Quarantäne…
Using Web Server Protection, I want a web server to only be reachable from some IP lists or IP host groups. How can I achieve this? In Access permission , Allowed client networks , it seems that I can only choose individual IP hosts of networks.
Am…
Hi all,
I have recently purchased an XG 125 rev3 and installed Sophos home on it.
I have been playing with the web filter and have found that it works very well for the most part. However, I have been unsuccessful in blocking specific search terms…
Hi!
We're using web category filtering with Active Directory groups. The proxy logs show that sometimes the user's devices are authenticating on proxy instead of user. The access rights are set to the users, not the devices. Because of this the proxy…
I'm struggling to block access to the WAF, I am trying to block all but Cloudflare IP ranges from accessing the WAF however there is still traffic hitting the WAF from non cloudflare IP's. If you are a non cloudflare IP then you get a forbidden page instead…
We just had a PCI compliance scan and we failed because HTST wasn't enabled. Looking through everything HTST is enabled on all of our Web Server Protection rules including the default one. The PCI scanning company said the server replying is using apache…
Hi all! I hope this is just a small question and easy to answer.
We have a XGS 2300 with SFOS v20 deployed and we use it as our snmp proxy.
We get a lot of mails from "spameri @ tiscali.it" which are rightfully rejected. Now, I would like to set up…
Hi all,
I have multiple Domains mananged in my LAN. Sophos XGS3300 protects that mails.
Now I want only one internal domain to use a smarthost for outgoing mail. All other domains should proceed directly via MX.
How to manage that? Mail Policies…
Hello together,
i have the issue that some Websites like https://www.mediamarkt.de , https://www.poco.de , https://moemax.de
are disconnecting the TCP Stream when our Sophos Firewall is running TLS Decryption against them.
Once the TLS Decryption…
Hi there,
I have a single static public IP that I'm using for SSL VPN incoming connections and for exposing a host (PBX) along with the following services: 80, 443, 5060, 5061, and RTP range 9999-15000.
The PBX manufacturer provides a DNS service…
Hi community
Please i have this issue for our customers, we migrated from UTM9 under SG135 series to new series XGS136W
before we start you can find current configuration.
Appliance are connected to ISP Modem (Router) via port 2(WAN)
Port 1…
Hello, I am experiencing an issue with the Sophos XGS firewall on the latest firmware.
The issue is with the Email application; specifically, incoming mail from the MailGun service is marked as b ounce+7bbc1d.e9c62-admin=acme.com .
It happens that…
Can anyone help figure out what to let through the web filter to get the onvue proctored exam streaming software to work through an XG210?
On the test connection it is failing everytime on the video streaming check. When I look in the firewall logs…
Hello, as from here I can configure "Require sender email domains" to enforce TLS negotiation ( whitelisting ). Beside this I can configure "Skip TLS negotiation" ( blacklisting ).
For compliance and legal reason I need to configure TLS negotiation…
Hi folks,
a while ago I had issues with SASI not logging all iMaps traffic. The issue has been partially resolved by changing firewall mail rules.
A new issue is I receive over 1000 spam messages a day from the same sites via the mail post office…
Hello guys!
I have a home server running a few services on port 80 and 2-3 other ports
I also have dyndns (3 hostnames) and have been using waf to connect to those 3 services without the need to enter a port in the url
(There are also a couple of…
