• clientless sftp

    Reem Jalal Eddine
    Reem Jalal Eddine
    i have configured a clientless sftp policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another rdp policy…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Whatsapp images and documents

    Mohamed Arbaaz
    Mohamed Arbaaz
    Hi I have an issue whereby users cannot send images or documents on whatsapp mobile app. We have policy rules for social restriction but whatsapp i alloewd but seems not to be working
    • Answered
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • Bandwidth Limit

    Jabir V
    Jabir V
    how to allocate bandwidth limit to specific IP or IP class?
    • Answered
    • 25 days ago
    • Sophos Firewall
    • Discussions
  • SDWAN and Loopback NAT

    Bart van der Horst
    Bart van der Horst
    Hi, I've got the following case on a customer site: Internal webserver on LAN, needs to be accessed from same or different internal LAN on the external IP, normally I use a loopback NAT rule and this works. Since a few weeks we had to switch to…
    • Answered
    • 26 days ago
    • Sophos Firewall
    • Discussions
  • Wie verarbeitet die Sophos DNS Anfragen bei mehr als einem Internet Anschluss

    Patrick81
    Patrick81
    Schönen guten Tag zusammen, hier habe ich eine Frage die mich grade brennend interessiert. Ich habe zum Beispiel in der Sophos unter Netzwerk -> DNS 8.8.8.8 und 8.8.4.4 eingetragen. Weiter hat die Sophos 3 Internet Anschlüsse. Für jede Internetverbindung…
    • Answered
    • 27 days ago
    • Sophos Firewall
    • German Forum
  • Country-Blocking: Zugriff aus freigegebenem Land wird trotzdem blockiert

    SylvainL
    SylvainL
    Hallo, Ich habe eine Firewall mit mehreren Schnittstellen, über die Anfragen verarbeitet werden. Eine Subdomain ist auf eine bestimmte Schnittstelle geroutet, und Anfragen auf dieser Schnittstelle werden an einen Server in einer DMZ weitergeleitet.…
    • 27 days ago
    • Sophos Firewall
    • German Forum
  • 2 WAN-Links (use primary one, and only if failover the second) - Problem with DNAT on failover Interface

    nils50122
    nils50122
    Hello, we have an question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive. As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • How to import an external ip list into an ip host group via API

    support_einsal
    support_einsal
    Hello community, We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • a small question about understanding network statistics (CLI)

    Thomas op het Veld
    Thomas op het Veld
    on a sophos firewall (e.g. xgs136) I can view the interface statistics via the CLI. (command: show network interfaces) At the output I notice that there are many dropped packets at RX state (receive).(LAN Interface) Port1 Zonetype:LAN MAC Address…
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • Veeam Guest Interaction Proxy creates false IPS Alerts

    Peter Riederer
    Peter Riederer
    Hey, after deploying our new XGS3300 with SFOS v21 we noticed several IPS Alerts which are created from a Veeam Guest Interaction Proxy to the Veeam Backup Server: Attack : FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt Attacker: Guest…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Invalid Traffic / Invalid TCP state (no routing issue)

    Gerhard Sauer
    Gerhard Sauer
    Hello, I have a problem with mainly HTTPS connections showing up in the log as Invalid Traffic / Invalid TCP state. See screenshots below. example domain is https://telekom.de I have 2 Internet connections with separate NAT and SD-WAN routes. Routing…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • [Feature request] 802.1p support for PPPoE/VLAN interfaces

    Samuel Leal
    Samuel Leal
    Hello, I'm seeing more and more ISPs asking for CPE P-bit setting for their connections. As far as i know, Sophos Firewalls still doesn't support this forcing us to use a bridged router supporting this feature in front of the Sophos FW. Please consider…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • ips.log filling at high rate - normal and good for the SSD lifetime?

    LHerzog
    LHerzog
    Today we've had a partial outage due to high /var partition usage. It was flapping between 70% and over 90% in a short time. /dev/var 179.3G 138.6G 40.7G 77% /var /dev/var 179.3G 138.8G 40.5G 77% /var /dev/var 179.3G 138.9G 40.4G 77% /var /dev/var…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Open port 123 for Ubiquiti NTP access

    MCBLC
    MCBLC
    Hi all, I have a XG135 firewall and several RED devices, I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTP…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Issue with Third-Party Threat Feed Not Blocking WAN to LAN Traffic

    Jurgens Steyn
    Jurgens Steyn
    Hi, I’m using a third-party threat feed with Sophos and under the impression that it should provide WAN to LAN protection. However, I’ve conducted a test and observed unexpected behavior. Here’s what I did: Created a custom text file list containing…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS4300 - WAN Interface not pinging

    Stephen BabuJohnson
    Stephen BabuJohnson
    Dear all, I am facing a problem that my WAN Port always showing RED and i could not ping the WAN Gateway. At the same time, the same line with the same Static ip address is working in my laptop / nearby desktop without any problem. Kindly let…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall SF Home DHCP not working on wifi with VLAN.

    Michal B
    Michal B
    I have the latest Sophos Firewall Software Home 20 installed on my mini pc as well as on old XG 135w router and on both devices I experience issue with no DHCP reply for Wifi what using VLAN. - I have tested Unifi and Zyxel AP same issue - I have directly…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPv6 Country Block WAN to LAN strangeness

    Casual_User
    Casual_User
    Hello, Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/ I created a LAN to WAN rule to block access to a country and a WAN…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Alias Interface not showing up, SFOS 21

    dmuller
    dmuller
    Hi all, I created a new alias interface but missed on digit, so the address doesn´t belong to a existing interface configuration. Now I cant delete that alias because its not showing up in gui. Is there a way do get rid of that alias via console?
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • DNS over TLS

    MikeyS
    MikeyS
    Apologies I know it's been mentioned before, but I'm in the process of moving from pfsense + to XG Home. Got a variety of loose ends to sort out and DNS over TLS is one of them. Is this forthcoming within the v21 release cycle? I'm sorting Wireguard…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • DNS Rebinding - Plex

    MikeyS
    MikeyS
    I’m in the process of getting Sophos XG Home as an alternative to pfsense. I’m 90% there, but is there a way to do DNS Rebinding, particularly for plex? i don’t want to open ports as I accessed everything via a VPN with pfsense and it worked perfectly…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • External Partners Accessing DMZ

    Reem Jalal Eddine
    Reem Jalal Eddine
    Hello, Need your recommendations, we want to implement a SFTP server to exchange data from and to one of external partners. I am planning to add the server to DMZ group and just restrict FTP protocol to it. Create a NAT rule also i want to force the…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Ring topology using Sophos Firewall

    Mayuresh Bhagwat
    Mayuresh Bhagwat
    I have a customer who has 4 Sophos Switches and 1 Sophos Firewall. He intends to connect them in a ring with Firewall as a Gateway. So here is the planned setup: Sophos XGS Firewall as Gateway with 2 interfaces as bridge mode: Port 1 Bridge Mode on…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Cloud application list empty

    David Kucera
    David Kucera
    Hello, it seems I have missed something, on all my firewalls "cloud application list" is just empty. Application control is being populated but the cloud part has nothing in list or graphs. Would anyone be so kind to advise? All are XGS 107 with…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Allow external IP range and ports

    Bradley
    Bradley
    Hi all, We are having a few problems with our VOIP phones. I believe it may be to the firewall, but I not 100% sure. I need to allow an IP address range and some ports. I have created a firewall rule, but I cannot see that any traffic being logged…
    • 1 month ago
    • Sophos Firewall
    • Discussions
<>