Hi, ich würde gerne bei manchen Mitarbeitern den Internetzugriff der Smartphones auf eine Stunde täglich beschränken. Hierfür gibt es grundsätzlich die Möglichkeit Benutzer anzulegen und darin die gewünschten Beschränkungen zu konfigurieren. Da…

i would like to allow ip addresses from a company such as cloudflare. however, their ip addresses will be changing. i would like to allow their ASN number so that i don't need to keep track of their ip addresses changes. is this possible?

Hi All, We have a network firewall rule setup to allow traffic to a WAN destination. However we can see in the logs that the traffic is getting blocked by the web filter component. We have a user network rule further down the list that allows access…

I notice many firewall denied firewall logs created by a rule, that is an allow rule only. Even more strange is, that the port 1027 logged is not contained in the rule. Watching the traffic with drppkt shows no blocked packets. Tcpdump shows the…

Hi, is it somehow possible to convert FirewallRule XML export from XG or XGS to some readable form for example to Excel with all needed items like list of all used source, destination networks etc. We need to convert XML to some sort of table form for…

(We are using XG550 active passive cluster with firmware 19.0.2) Hi community, today I have a strange problem again. As SOPHOS told us not to use custom network objects for ipsec/sslvpn related firewall rules, I created a firewall ruleset based…

Hi zusammen, folgendes Problem. Wir haben zwei Netze. In Netz A stehen unsere Server und auch unsere TK-Anlage. In Netz B stehen unsere Clients. Auf den Clients wird eine IP-Softphone Software verwendet, die sich ihre Config per TFTP von der TK-Anlage…

Ich habe drei Android-Tablets die zwar im internen WLan verbunden sind, denen ich aber den Zugriff ins Internet untersagen möchte. Ich habe eine Sophos XG135. Ich habe für jedes Tablet einen MAC-Host angelegt mit der jeweiligen MAC-Adresse des Tablets…

Hallo, ich habe da mal eine Verständnis frage bzgl. der Kommunikation innerhalb des LAN Interfaces. Aktuelle Umgebung auf einer XDS2100 : - LAN1 => LAN - LAN2 => WAN - LAN3 => DMZ - LAN4 - 8 => LAN (Interface LAN 1, 4 und 5-8 sind gebridged…

Hi, when you attempt to delete a group and it is in a firewall rule you are disshown a message advising the that group exists in firewall rules or policies. If the group is in a SSL/TLS rule you are shown a message cannot be deleted, which is not very…

Guten Morgen, gibt es eine Möglichkeit bei der XG210 heraus zu bekommen wann eine Regel erstellt wurde? Es wurde eine "erlaube alles" Regel erstellt und keiner will es gewesen sein. Leider musste ich die Administration krankheitsbedingt übergeben. Nachdem…

Hi, I am facing a problem with the LAN zone attached to multiple interfaces. FW: SFOS 19.5.2 MR-2-Build624 Setup: Port1: LAN (192.168.30.254/255.255.255.0) Port2: WAN Port3: LAN (192.168.32.254 /255.255.255.0) I've created the following test rule…

Hallo liebe Mitglieder, ich habe eine Frage zu einer Firewallregel dich ich für meine SNOM Telefone erstellen möchte. Und zwar will ich eine eigene WAN Regel für alle SNOM Telefone erstellen, die im Netzwerk sind. Ich habe eine eigene Firewallregel…

HI, I am using sophos-xg210 firewall any traffic that is not matched existing rule that will hit drop rule

Hallo, wir haben eine Sophos XG im Einsatz um einen IPSec Tunnel aus Azure in ein OnPrem Datacenter zu verbinden. Das spannende ist das wir Pakete sehen die nachdem sie durch den Tunnel gekommen sind durch eine FW Rule geblockt worden, ein anderes…

Hello everyone, I've already got to grips with the Sophos API and now I'm keen to crack on with the Sophos Central API. Could anyone clue me in on how to update a host group and its content and how to apply it as a rule using the Sophos Central API…

Hello everyone, I need a help with verifying my string. I'm quite fresh with Sophos Firewall and I'm trying to add new FW rule via API in CLI. I've succesfully added and deleted an host after reading this article: https://docs.sophos.com/nsg/sophos…

Hello everyone, last Friday we set up an XG 430 in bridge mode. (Port 1 + 2, same zone) So far everything works perfectly, but now suddenly all IP phones have no connection to the PBX. Also it is not possible to access the web interface of the PBX…

Hi I am using XG-115 as my firewall and already got number of rules. I also have a couple of VLANs. I followed the below guidance given by Sophos tech support team. The rule works well with individual hosts. but when I replace the individual host…

Hello, I need your help for making chromecast work again on my LAN. I had to restrict the protocols on my LAN. My current setup is: Sophos XG, all devices on the LAN are allowed to use: http, https, smtp, smtps, imap, ping: As a result,…

SFOS 19.5.1 MR-1-Build278 I was checking the logs when I noticed this strange peculiarity, in the log, the "firewall rule" is actually the firewall ID #. The log is showing that the firewall rule with the name "Allow outbound" is firewall rule 1,…

For user based firewall rules, how to match users - that is add users to authenticate in a database? I added an "any" "any" rule to allow all traffic to pass through, but it does not work, any possible reason why? Does sophios have any cli interface…

hi all, got a DNAT like below, blanked the fields out due to privacy do i need to change my inbound interface and outbound interface to the correct ISP as i have two ISPs, so it could be going out wrong ISP, or will it pick the right ISP to go out…

Hi All, I am new to Sophos XG coming from pfsense and have to say I will be staying, great NGFW. I have a slight issue though, one which I am sure is simple to solve. I have used the server access assistant (DNAT) to create a port forward rule from…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Create a Web Policy Firewall…