HI Folks! We were always able to see under Authentication - Users - View Usage the time ranges, when a user was connected with sslvpn or ipsec via sophos connect. Since we updated our cluster from 19.0.2 MR2 to 19.5.3 MR3 we can only see sslvpn usage…

Hello All, I have setup a weekly data quota for users (we have a WAN metered connection). Is there a report I can generate that shows what each user has consumed in the current weekly cycle? I know users can see this info on the User Portal, however…

The log viewer of Sophos Firewall always opens in a full screen window. I have a 49’’ super ultrawide monitor, so opening the window maximized doesn’t make any sense and I have to resize it every time. Please make it an option to remember the last position…

I would also like to see it shown in the GUI the current usage live so we can see that without having to go into the CLI I would like to see a report of each port's, utilization for all physical ports and vlans on those ports. for example, the max this…

Hello everyone. In the current activities--> live users panel, I don't see all the ones with the Heartbeat, I have configured a domain controller to authenticate people and people can login with their AD credentials correctly The question is that…

Hello, it looks like the XGS3100 is sending faulty snmpV3 traps. In order to check that I would like to enable the debugging log for the snmp deamon, There is a manual for the UTM but doesn't seem to be the same for the XG. https://support.sophos…

XG 19.5.2 is starting to flood the /var/eventlogs folder with *.db files like 89340.db Any idea what is causing this? XG430_WP02_SFOS 19.5.2 MR-2-Build624 HA-Primary# df -h Filesystem Size Used Available Use% Mounted on none 1.5G 3.4M 1.4G 0% /…

Hi all, So exported a custom report web surfing report and it contains a lot of information. Is there a way to see just the sites the person visited rather than all other erroneous traffic like certs, etc?

Im trying to figure out why traffic is being dropped between Lan and VPN. I have the firewall rule made to allow traffic. Traffic is passing fine except for traffic on 1 port. It is not showing in the Log but it i did drop-packet-capture this pops up…

Hello everyone, I've configured one of our Sophos devices with some rules and policies . The problem is with the amount of Logs it generates per second! There are too many Information level logs about WAF and other types of log components. So it…

Hi, I have rule 5. It's a DNAT from the WAN IP 188.175.113.182 in to the network to the VoIP server. If I look in the LOG, I see the following: The first line does correspond to rule 5, but what do the other lines mean? They are also marked…

Hi Sophos community, Is there a way to see device reports by device name? In other Firewalls I had this option but it doesn't seem to be an available feature thru Sophos.

Hi all, we want to upload the Sophos XG Logfiles to Microsoft 365 Defender (Cloud App Security). In general the Logfiles are received by Microsoft but in the wrong format. On the Sophos XG we selected "Standard Syslog protocol" and on Microsoft site…

I'd like to export an entire report to PDF from Sophos Firewall but it won't let me. For example, this report is 14 pages but I can only seem to export 200 records max.

Is it possible to filter more than one port in the log viewer? I am trying to find some specific traffic and i want to exclude both 443 and 123 but I cant seem to stack the filters. Thanks!

Dear Sir How and where I trace a Local IP address that is consuming my Internet? Thanks Muhammad Alyas Qaisar

(simple ANY rule with a lot of traffic -> should be in LOG)

Hello, Shortly after we updated to XG 19.5.2 we noticed that DHCP renewals were no longer logging in the System logs of the live viewer. There are no "DHCP Server" events shown at all. There have been no config changes since the update and DHCP is still…

I have a xgs 87 and reports were working fine all of a sudden they just stopped - unit showing connected in sophos central. Have removed and re added also to no avail. how do i get reports working again. PS have done the obvious thing and restarted…

Is it normal that in the FW Logs is sometimes a zone entry and sometimes not? The FW should in any case know what zone the paket comes from/to.

Hi all, UTM had a brilliant logging system, but Sophos Firewall do not log many days behind, which is of no use, because we often need to go further back. Sophos Central logging we also find lacking a lot, ex. dropped packets are not logged (But maybe…

I notice many firewall denied firewall logs created by a rule, that is an allow rule only. Even more strange is, that the port 1027 logged is not contained in the rule. Watching the traffic with drppkt shows no blocked packets. Tcpdump shows the…

Hi folks, I am investigating why one of my VoIP phones has failed. I have searched logviewer and its many sub-menus and not able to find any SIP traffic (UDP port 5060) or even using the ATA's IP address. Please advise how I find the SIP traffic?…

I do not understand why this happens. I noticed it when I was in firewall log and build a filter like this: It does what it should do: If I then switch the log to TLS Inspection, it shows me only allowed traffic. I know that this filter "allowed…

Hi, is it somehow possible to convert FirewallRule XML export from XG or XGS to some readable form for example to Excel with all needed items like list of all used source, destination networks etc. We need to convert XML to some sort of table form for…