Hello,
Over the holiday weekend we upgraded our XG330's from 19.5.4 to 20.0.2 MR-2-Build378. After the upgrade none of our wildcard FQDN rules are resolving/working. They worked perfectly fine prior. This is causing quite a bit of issues for user authentication…
Hello everyone,
how do I configure the FQDN host so that it updates as soon as a new IP is available? Currently I have to open the FQDN and click Save to get the current IP.
Firmware: SFOS 20.0.0 GA-Build222
console> show…
Hello,
I have a RED site-to-site connection between two Sophos XG firewalls.
How can I arrange for certain FQDNs/domains or also public IPs to be routed not over the "normal" WAN interface but over the RED tunnel…
I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…
Hello community,
Is it possible to configure Sophos central email as below,
If I maintain 2 or more mail servers in cluster, and I assign in inbound destination a FQDN of a type A record for example mail.abc.def pointing to IP 1.2.3.4 and 5.6.7.8…
Hello community,
Next a doubt: If I maintain 2 or more mail servers in cluster, and I assign in inbound destination a FQDN of a type A record for example mail.abc.def pointing to IP 1.2.3.4 and 5.6.7.8. Once the mail is inspected by Central Email, and…
I would like to route my WhatsApp traffic through various gateways. I have established an SD-WAN rule, which currently works only with IP addresses. However, as the IP addresses keep changing over CDN, I prefer to use Fully Qualified Domain Names (FQDN…
I'm migrating to an XGS136 (SFOS 19.5.1 MR-1-Build278).
The old firewall published LDAPS on 2 DCs to a specific WAN server that needs to do LDAPS lookups for AD integration. The destination device was set to an FQDN object corresponding to the internal…
Hi all,
here is my environment:
HQ--------
FW XG
AD | DNS SERVER
Webserver: app.domain.corp
BO: (Workgroup)---------
FW XGS: DNS|DHCP|GW
There's Site To site IPSec config between HQ and BO.
I need to configure "conditional forwarder…
Hey guys,
following problem:
We use a Sophos XGS 3300.
Internal Webserver is in DMZ Zone 10.10.10.0. It has an FQDN which will be resolved to an external IP on external DNS servers and to its internal IP on internal DNS servers.
From LAN and SSLVPN…
After upgrading one XGS and XG from 18.5 MR3 to MR4 we have issues with our Sophos Central managed APX Accesspoints showing as offline in Central after between 30 and 60 minutes after the upgrade of the Firewall.
See: https://community.sophos.com/sophos…
Hi folks,
I currently have a FritzBox 6591 (10.0.0.1/24) and a public /30 subnet with the Sophos SG230, OS 9.7xx
I have 2 LAN cables running from the FritzBox to the Sophos.
FritzBox LAN1 to Sophos ETH0 (10.0.0.254/24), static
FritzBox LAN2…
Hello everyone,
I am attempting to set up a Site to Site VPN connection by using IPSec with a preshared key.
I've seen videos and guides on how to set up IPSec Site to Site which (I think) was pretty straightforward on Sophos UTM.
After setting…
Hello,
we have a client subnet and a server subnet. Both networks are monitored by Web Protection. When accessing a web server in the server network from the client network, the HTTP page request is blocked when only the bare hostname is specified…
Hi folks,
I have a number of sites that use IPv6 addresses, but the XG does not recognise IPv6 FQDNs, so wondering what the timetable is for including this basic feature?
Ian
How can we protect our devices from accessing specific forbidden hosts when they are outside our network - so no longer protected by XG firewall?
I've created a Website Management rule in Central with tags for the recent Autodiscover issue.
This works…
Sophos officially recommends to not use wildcard FQDN hosts (e.g. *.microsoft.com) even if they come out of the box with XG firewall setup.
The XG backend processing for FQDN IP’s used for IPset is not reliable. Therefore, it is quite possible that…
Hello together,
I am trying to allow traffic to specific websites using firewall rules with FQDN-Hosts as Destination. Unfortunately this is not always working as expected:
I try to reach github assets under https://github-production-release-asset…
Hi guys,
I am not quite sure if I am stupid and overseeing something obvious or if my Sophos is behaving strange.
I am using Sophos XG in Microsoft Azure and have set Sophos XG as DNS Server for all systems.
Traffic from all Systems to Sophos…
Hello,
In a Project I am using Sophos XG (Virtual Appliance in Azure) to achieve the following:
In our (new) Azure network environment we neither want nor can use a proxy. Still we do not want to allow all traffic to 80/ 443 TCP. Therefore we need…
Hello to who might concern the following.
The issue: built-in Windows 10 mail client not synchronizing when HTTPS Scan And Decrypt is active (certificates are installed on the endpoints).
And Google Music Manager (Windows 10) not connecting to…
Since Netflix is blocking my connection over IPv6 using a HE tunnel, I tried to block access to Netflix over IPv6 in the firewall so Netflix only uses IPv4. This works fine when I block access to the IP-address of Netflix, but since this also blocks a…
Sorry this is a bit long. Trying to convey all the troubleshooting I did.
I've been using XG for a few weeks now and everything is reasonably fine tuned to support my usage. Whenever I run into a site blocked by my rules, I create an FQDN host definition…
Hi,
I've been searching for weeks, tried a lot of GIYF and RTFM without success, so I hope someone can help me with this one...
We have set up 2 RED15's and everything is working except web browsing to internal hosts f.e. http://intranet or https…