Browse By Tags

Hello community, Do you know is there any way to use Sophos Firewall Email protection in MTA mode for IPv6 SMTP/SMTPs traffic?

I blocked the adult and nudity category in my sophos xgs 2100 firewall. But still many porn sites are accessible. Is there any way to block it completely?

Explain like I'm 5 (maybe a 5 year old is smarter at this point, who knows)... We have SSL/TLS inspection rules under "Rules and policies." One of these rules is the built in "Exclusions by Website, which references both a Local and Managed TLS exclusion…

The WAF custom authentication form in the documentation is not that clear and required several rounds of testing to fix. Below I've added code that is easier to modify and quickly get up to speed without 30 minutes of troubleshooting and testing. I…

Hello, I have trouble configuring WAF rule for one specific web server/service When I try to access service from inside on my pc I get 403 [Sun Jan 07 19:40:08.983664 2024] [authz_core:error] [pid 22769:tid 140041007253248] [client 10.2.1.10:52039…

Hello, I have a Peplink WAN gateway and a Sophos in the centre for routing from the core switch to the WAN.I have a problem: I cannot perform a waf for my webserver, which is hosted by peplink and the server are located at dmz, and my website is already…

Hi, I'm trying to use the webproxy of the UTM9 which uses AD as (basic) authentication with a linux client system. Debian 12 for example requires the following: Acquire::http::Proxy "">user:password@proxy_server:port/"; I tried all different…

want to unblock translate.google.co.in for all in xgs 2100

Hi, are SOFS and SG UTM affected by CVE-2023-51766 (Sender Spoofing by SMTP)?

When selecting a Web policy or an App policy from a drop-down list, there is a "None" option and also an "Allow all" option. If you select "None," doesn't that mean the same thing as "Allow all"?

We installed a Sophos virtual appliance in bridge mode in front of a pfsense firewall in order to intercept all traffic within the LAN infrastructure of our network for reporting purposes. This is what our current topology looks like: LAN --> sophos…

Hi, i read a lot of posts about this Problem, but cant get it running. Made the WAF settings strictly by Sophos KB article, owa, outlook anywhere etc are running properly, but active sync isnt working. Log saus WAF Anomaly Inbound…

Hello All, We have a situation where we have switched firewalls for incoming & outgoing mail from UTM to Sophos Firewall. We are using Exclaimer Signature Manager Exchange edition & are currently still in a Hybrid setup. For some reason, some outbound…

Hi all, we have changed for all our AD users the primary email address from <surename<@<domain>.de to <forename>.<surename>@<domain>.de No we have a big problem, that nearly no digest is send to the users. And if you take a look in the user portal…

Hallo zusammen, ich habe folgendes Problem. Ich habe eine UTM auf eine XGS umgezogen. Nun gehen folgende Verbindungen nicht mehr. Wir haben ein Firewall die hält das Server und das DMZ Netz zwischen dieser Firewall und der XGS besteht ein Transfernetz…

Hello, on my old UTM i got an exception which gave web access to unauthenticated users to several domains like microsoft.com or windowsupdate.com. How is that possible on xgs? The Webfilter does not contain an exception for authentication.

I've been reading some discussions about WAF support for HTTP/2 before. Is it available in the new SFOS v20? Or is it planned for some next MR?

SFOS 19.5MR3 I'm getting multiple WAF-Logentrys with exact same URL (upper-/lowercase) - one request passes correctly the other one fails due to "Static URL Hardening - No Signature found". As it's same exact same URL it's probably not a configuration…

Using TLS decryption and vendor Docusign suddenly causes issues with our XG firewall on 19.5.3. Happens also on other browsers and OS. Here Safari in MacOS. it works using classic proxy as described here: https://support.sophos.com/support…

Hello everyone, we have been having problems with video conferencing via browser for some time now. We are using a XG 230 in webproxy mode with HTTPS decryption, IPS and ATP activated. The clients are configured with a standard / manual proxy. Everything…

Hello everyone, Since v20 I need to disable / enable a SSL/TLS Decryption rule nearly every to every 2 days. It stops processing traffic and on a client device it "feels" like the internet is down. This instantly recovery after disabling / enabling…

We have updated our XGS3300 to SFOS 20.0 a few days ago. Since then our WAF ist not working. AH00526: Syntax error on line 106 of /cfs/waf/reverseproxy.conf: Invalid encrypted key AH00112: Warning: DocumentRoot [/sdisk/waffiles/1cf6480d9dcdd33a4319301e0d8ef22b…

Hi folks, a question about decrypt and scan that has me puzzled for sometime. The users have the XG certificate installed and functioning correctly except for Apple sites. I have web policies blocking advertisements and use the XG proxy, this functions…

Have already been referred here: https://doc.sophos.com/nsg/sophos-firewall/19.5/help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/GeneralSettings/index.html#smtp-settings I wonder if any of you guys can share with me what and why your settings…

Hello, We use the Web Server Protection of Sophos XG Firewall and have now reached almost 60 WAF rules. This is also the maximum number of WAF rules. Is it possible to combine several URLs in one WAF rule and route them to different servers? WAF rule…