• What's the impact of DNS settings in General SSL VPN settings

    Andrej Pirman
    Andrej Pirman
    Hi, I've deployed doznes of SSL VPN clients, having DNS set to on-premises AD LAN DNS server 10.1.1.10 in General SSL VPN settings for all clients. Now when client with laptop connects to SSL VPN, I can see his/her default DNS resolving goes through…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect 2.3 MR1 iPSec DNS problems but SSL OK

    StefanS
    StefanS
    Hi there, After the firmware update to SFOS 20.0.1 MR-1-Build342, we have rolled out the Sophos Connect Client v2.3.1. It turns out that DNS resolution does not work with IPsec. It looks like the wrong DNS servers are being entered here (ipv6). With SSL…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Do the community pages push you to impervadns?

    Wayne Folta
    Wayne Folta
    I'm noticing that only Sophos community pages seem to have a problem where queries get pushed to impervadns.net. Of course, I'm trying to not have lots of DNS queries going to random DNS servers, so I block it. (Sophos has its own product for DNS protection…
    • 6 months ago
    • Community Chat
    • Discussions
  • RED60 with VLANs and DHCP Server - DNS Server IP wrong after Firewall Upgrade

    LHerzog
    LHerzog
    I've got a Site connected with RED60 The RED itself uses a single IP Subnet /31 IP Address and has 4 VLAN with /26 Subnets attached. In the Mgmt VLAN are Sophos APX Accesspoints connecting to Central. That setup was running up and fine for years…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • DNS change Automatically in Sophos Firewall

    itinfrastructure User
    itinfrastructure User
    Hi I have XGS4300 (SFOS 19.5.4 MR-4-Build71),DNS change Automatically in Sophos Firewall it can possible or not can you please guide how to resolve this issue.
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • SSL VPN Use Static IP

    Brian Mowrer
    Brian Mowrer
    Hello, We have an application that requires reverse DNS lookup. When users are on SSL VPN they are getting a new IP address via dhcp on the firewall frequently and the Ip Address does not get a PTR record created in the reverse lookup. I've seen…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • DNS Resolution Issues with Sophos Connect

    Christian Garcia N
    Christian Garcia N
    Recently, I had a problem with a client and their VPN. I noticed that when connecting to the VPN using Sophos Connect, all the DNS requests I make are resolved by the XG. In other words, when I run an nslookup google.com while connected to the VPN, the…
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • How do I setup DNS over TLS?

    GodAtum
    GodAtum
    I am using Sophos Firewall SFOS 20.0.0 GA-Build222. How do I setup DNS over TLS (with Cloudflare)? I can't find any instructions on the Sophos help pages.
    • Answered
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • FQDN Host automatisch aktualisieren

    Ameisenbär
    Ameisenbär
    Hallo zusammen, wie stelle ich ein das der Host FQDN sich aktualisiert sobald eine neue IP vorhanden ist? Aktuell muss ich auf den FQDN gehen und auf speichern drücken um die aktuelle IP zu bekommen. Firmware: SFOS 20.0.0 GA-Build222 console> show…
    • 7 months ago
    • Sophos Firewall
    • German Forum
  • LLMNR disabled

    Leo März
    Leo März
    Hello, regarding to this post: LLMNR disabled - DNS resolution no longer works over VPN when will version 2.3 of sophos connect be published? kind regards
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Connecting to VPN ignores all local DNS setup

    Matt Tyree
    Matt Tyree
    I have some services running on a local server behind a reverse proxy and those services are protected from access outside IP subnets not specified in the reverse proxy settings. In my local router, I have the addresses for all these services listed…
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • VPN on Android, can access LAN by IP but not Name

    Joe Schmoe
    Joe Schmoe
    On my phone connected via OVPN I can access local network resources by IP but name resolution won't work. VPN: SSL VPN (remote access) I have Policy Members setup Use as default gateway is on Permitted network sources IPv4 is set to my local LAN VPN…
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • DNS Server in DHCP options keeps changing to Sophos IP

    Rog163
    Rog163
    Hi All... Customer has XG135 (SFOS 19.5.3 MR-3-Build652), Sophos is the main DHCP server for the network, for the last few months we have been battling with a strange issue. Sophos LAN IP is 172.16.0.10 Internal Microsoft DNS server 172.16.0.1.…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Integrate Sophos DNS Protection into Sophos Firewall

    LuCar Toni
    LuCar Toni
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…
    • 9 months ago
    • Sophos Firewall
    • Recommended Reads
  • DNS Server Recursive Query Cache Poisoning Weakness | Sophos XGS

    Marcel Jordan
    Marcel Jordan
    Good evening everyone, a customer of mine has currently patched an XGS firewall (SFOS 20.0.0 GA-Build222). The customer had a vulnerability scan with a result of 1 Medium CVSS. Namely: DNS Server Recursive Query Cache Poisoning Weakness www.tenable…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • SSLVPN Split Tunnel DNS Resolution failed

    fuuussiiidiel
    fuuussiiidiel
    Hi, when using SSLVPN in split-tunnel mode, DNS resolution to internal resources is not possible. A ping returns "Host not found". When I perform a nslookup, the XGS is contacted and resolves successfully. I've also tried several VPN clients, including…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XG internal Active Directory DNS Server for local Domain DNS resoultion - dont work

    ADMIN Thomas Lietzow
    ADMIN Thomas Lietzow
    Hello, I have the following problem. We have two Active Directory Windows DNS servers on the internal LAN. They have entered the Sophos XG Firewall as a DNS server as a forwarding. The Sophos XG Firewall itself queries public DNS servers on the…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • internal DNS Server get's requests from Sophos - don't know where from

    GernotMeyer
    GernotMeyer
    Hi all, sophos XGS3300 with SFPS 19.5. In my internal network I want to decommission an old Windows Domain Controller. That DC still logs multiple DNS requests from the Sophos (Azure Cloud and other requests) per Minute. I removed that DC as Authentication…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Use IP host list as DNS server options?

    alan weir
    alan weir
    Instead of manually entering DNS IP addresses into the DNS fields, it would be nice if we could use an IP host instead. Say you wanted to use google as your DNS. A user could create an IP host called "Google DNS servers" of the two IP addresses 8.8.8…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Firewall Subnets on LAN

    collinsandlacy
    collinsandlacy
    I would like to get an opinion on firewalled subnets for security. This would be LAN subnets only. Subnet A is servers and subnet B is desktops. Subnets A and B have outbound internet access only. Subnet B (desktops) need to access Subnet A (Servers)…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • DNS server allows cache snooping (dns-allows-cache-snooping)

    Anesu Dangarembwa
    Anesu Dangarembwa
    Good day l have a client with a sophos xg 310, they did a security audit report on their network. and the report came with this queries for DNS server allows cache snooping. l want to Restrict the processing of DNS queries to only systems that should…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • ZTNA agentless resources on port 443 not working (no healthy upstream)

    Philipp N.
    Philipp N.
    Hello, I recently set up ZTNA with our XGS (v20) as gateway to test ZTNA as an alternative to VPN. Setting this stuff up worked like a charm until I reached the point of accessing resources... I tried to add agentless resources with internal FQDN…
    • 11 months ago
    • Zero Trust Network Access
    • Discussions
  • DNS timeouts when using XGS107 as dns server

    Alexander Ruch
    Alexander Ruch
    Hello, When I use Sophos as the DNS server, I sometimes get a timeout for the DNS resolution. I also tried it directly from the XGS CLI. CLI: XGS107_SN01_SFOS 19.5.4 MR-4-Build718# nslookup google.de. 1.1.1.1 Domain Name Server# 1.1.1.1 Domain Name…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Von der UTM zur XG

    Wotan Wien
    Wotan Wien
    Als ehemaliger Astaro/Sophos Partner finde ich bis heute die UTM um längen besser als die XG mit der UTM beschäftige ich mich seit 2008. Aus diesem Grund war die Motivation sich mit der XG zu beschäftigen nach Stunden immer wieder dahin. Jetzt ist die…
    • 11 months ago
    • Sophos Firewall
    • German Forum
  • XGS firewall DHCP - DNS

    Elie Ibrahim
    Elie Ibrahim
    hello configuring DHCP lease on XGS 107 firewall in "DNS server" section there is only 2 fields, is there a way to have the DHCP provide 3 DNS to clients Thanks Elie
    • 11 months ago
    • Sophos Firewall
    • Discussions
<>