Hi, I have a proxmox hypervisor I use it to spin up VMs and LXC containers, and I use MAC addresses to enforce some rules on my Sophos firewall. how can I add a MAC range so all the new VMs that have random generated MAC addresses (under the same vendor…

I’m currently facing some connectivity challenges with my network setup. My PABX and SIP systems are working fine—they respond to ping requests, so they’re definitely online. However, I can’t seem to get any incoming connections from the PABX to my Sophos…

Hi all, i have had a look at the Invalid Traffic page but as stated at the bottom doesnt resolve the issue, just reduces the number of logged entries My setup is as follows Core network is TPLink Omada (Manages the vlans) Sophos setup: Port1 …

Hey Guys, I am using the Sophos XG as DHCP server which provides two DNS servers. One is a Pihole and the other one is the SophosXG itself. So normally the devices should resolve internal and external domains via Pihole, but when it is not available…

Hi everyone! I’m facing a puzzling connectivity issue in my PABX setup. My NS300 cannot be pinged from my Sophos XG4500 when my SIP router is connected to the core switch. However, I can still make calls outside, which adds to the confusion. Coreswitch…

TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

Hello, I've added a DHCP-Server for an interface on my XG. The interface is an RED-VLAN-Interface and ping from the switch is working. An Accesspoint connected to the switch did not get an IP-Adresse. Today we found out, that we have the same problem…

A customer site has a 2nd gateway that is required to access one of their vendor's systems. Our Sophos XGS has static routes in place to direct any traffic intended for the vendor network to the 2nd router. Rather than adding host entries for the vendor…

HI How can i check the interface counters for WAN interfaces in the Sophos firewall ?

Hi, I have set up a free account with FreeDNS. My public IP address is pointing to the correct subdomain.mooo.com However, I have a query about the hostname, SF only accept: subdomain.mooo.com. But in order to work, you need to include the update…

Hi, we have the below IP series in Wan port and alias, all tunnel services are running. now ISP is providing a new alias /29 subnets with different IP series if we add a new alias /29 subnets with the existing setup it will work or not. - Port…

Hi folks, a question about XG ability to decode DNS over HTTPS and TLS, can the current version of XG decode DNS requests sent to it using HTTPS or than TLS? Ian

Currently I have some trouble providing Firewall access to some load balanced CDN services on Akamai Servers, where the corresponding DNS names have short TTL's when using wildcard FQDN like *.docusign.net when the URL accesses will be demo.docusign.net…

Hello all, I'm used to another known firewall vendor but I decided to give this for my home network a try since the other solution is way too expensive. My goal is to use a single link between my switch and my Sophos appliance so I do not need lots…

Hello, Can anyone tell me if the Sophos XGS can translate IPv6 to IPv4 addresses? If so, where can I set it? Or do I also need an IPv6 range in the internal network?

Hi, Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source. I'm posting this in endpoint as well. Thanks…

Hi everyone, I am using a Huawei 3372 LTE stick on my SG-125 with SFOS for a couple years now. It is configured in DHCP mode as a failover WAN connection when the main connection goes down. Up until now this worked as intended but after upgrading the…

I have a problem regarding may rujie AP that connected in sophos firewall XGS2300. I created VLan 172.16.16.16 for employees user(mac binding) and Vlan2 17.15.15.16 for Guest wif(DHCP) from 172.15.15.20-100. My problem was when i tried to connect my android…

Hello, I try@home to migrate from UTM zu SFOS. On the good old UTM there was only one LAN Interface. This was the gateway for some PCs. At the network configuration on the UTM, I configured the real-router-getway as gateway in this one UTM NIC. It…

Guten Morgen, wir haben die Sophos XGS136 im Einsatz und bisher gehen wir per DSL ins Internet. Hier ist der Port 2 dafür konfiguriert (siehe Screenshot). Jetzt bekommen wir nächste Woche Glasfaser. Wie muss ich den Port 2 ändern, damit ich nun…

DHCP requests not routing over IPSEC This has nothing to do with v21.0. It is possible in v18.0. You just have to run a whole stack of CLI commands because the GUI is inadequate. A post by a Sophos staff member to a closed thread which no-one…

I have created a new vlan and dhcp on the XGS, configured the vlan on unifi wifi/switches, I am getting ip however I cannot get internet access. I don't want the vlan to access other vlans however I want computers inside the vlan to communicate with…

Hello. I want to use 1 of the excess LAN ports on the firewall to give out ip address of 192.168.88.x to the pc connected to it. Currently, my firewall gives out ip address in the 192.168.1.x range. I first selected the port, assigned it to the LAN…

We use a block countries rule to control from where our user can connect to the VPN. We noticed two new entrys in the list this morning "Europe" and "Europe Continent" When we take either of them out regardless that Germany is allowed, is Germany…

Hey All, I was wondering has anyone else noticed Netherlands isnt in the country blocking list for Sophos XG ?