I am referencing this documentation https://docs.sophos.com/nsg/sophos-firewall/19.5/API/SYSTEM/Host%20and%20Services/IPHost/operations/AddIPHost&EditIPHost.html There's information on how to add or update an existing IP host object. However, I just want…

We have a /29 subnet from our ISP. I want to use a dedicated public address for our guest network traffic. I've added an alias on the PPPoE port and thought I could then just use an SD-WAN rule to route the traffic, but the alias doesn't appear in the…

SNAT with multiple WAN gateways isn't working.. WAN Gateway 1 = Port3 - its public with /27 worth of aliases WAN Gateway 2 = Port5 - its public with /28 worth of aliases (IP Host) SNAT with Port3 aliases work for all of the rules I've created…

Hi all, im pretty new to the sophos firewall i noted that on the dashboard it showed an attack and also checked the logs whcih are both shown below. From this i can see that it was detected rather than blocked. Is there a way to set the IPS to block by…

Hello All, We have a Sophos XGS connected to a metered WAN connection, in order for devices to connect to the internet the user must authenticate to the Sophos captive portal and at which point a weekly data transfer quota is applied. This has been…

Hi all, i have had a look at the Invalid Traffic page but as stated at the bottom doesnt resolve the issue, just reduces the number of logged entries My setup is as follows Core network is TPLink Omada (Manages the vlans) Sophos setup: Port1 …

Hello, I found a solution where IPSec networks are distributed via OSPF and would like to know if this is correct? Can I use this in a productive environment? 1. SSH -> 4. Device Console 2. system ipsec_route add net 192.168.123.0/255.255.255.0 tunnelname…

Good morning. I have been looking for information about the use of Traffic Shaping / QoS and applied what is indicated but in my case it is not working for me. I have 2 offices, each with a Sophos firewall. The server in office A sends data to the…

Guten Abend, wir möchten gerne mehrere Web-Applikationen auf unserem Server über das Internet bereitstellen. Hierzu habe ich bereits beim Provider die entsprechende Subdomain auf unsere öffentliche IP geleitet. Daraufhin habe ich in der Sophos via…

Hallo Forum, ich habe eine XG106w Rev1. Da ich nur eine Home Lizenz habe, wurde von mir die SFOS Home heruntergeladen und installiert Der Lan port1 hat die IP 172.16.16.16 und die Netzmaske 255.255.255.0 Der am LanPort 1 hängende PC hat die…

Hi, we have a problem with transferring syslog from Sophos firewall to the Arcsight SmartConnector. When we try UDP, logs can be seen in connector. However, with TLS communication fails. This is only example, but ours handshake also fails at Change…

Hi Configured one more WAN IP in the Sophos XGS136, link is up but traffic is not moving through new link, checked load balancing, everything is looking fine Pervious link is working fine, however the new link is not working, able to ping 8.8.8…

Hi There I recently acquired a second-hand XG115W. After wiping the SSD, I successfully installed the V20 HOME firmware on it. However, I've encountered this issue after the installation: Ethernet ports 2 and 3 do not function. I can see the activate…

Hallo, ich versuche gerade vergeblich, eine XGS neben einer anderen Firewall zu betreiben. Die XGS soll im ersten Schritt mit nur einem Port als vorgeschaltetes Gateway und WebProxy dienen, bis das Netzwerk komplett umgestellt ist. [PC] -> [XGS…

Hey Guys, I am using the Sophos XG as DHCP server which provides two DNS servers. One is a Pihole and the other one is the SophosXG itself. So normally the devices should resolve internal and external domains via Pihole, but when it is not available…

Hi everyone! I’m facing a puzzling connectivity issue in my PABX setup. My NS300 cannot be pinged from my Sophos XG4500 when my SIP router is connected to the core switch. However, I can still make calls outside, which adds to the confusion. Coreswitch…

Hi, not a huge problem, but I cannot find logic behind. I have XGS-136 in main office, and from there I monitor with PRTG 2 distant branch offices, which both have XGS-87. Interesting, that both branch offices experience increase in PING latency at…

Hi Sophos Geeks! I'm having a problem accessing my WEB Application using Public IP in my local network but working if I'm accessing it externally. I already configured the DNAT policy Source zone in Any Zone but still no lock. Currently my version…

Hello everyone, Since yesterday, we have been experiencing a consistent IPS alert from our firewall (XGS Vers. SFOS 20.0.2 MR-2-Build378 ). The affected connection is between our email gateway/proxy in the DMZ and our mail server. Every 30 minutes…

TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

Hi there, since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS): Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts I've tried to block all requests from…

hello, I got this intrusion attempt for the first time. just don't know what to do. I looked for any recent downloads and browsing history, and asked the user if he plugged any device to the computer but nothing suspicious found. this is a screenshot…

Hello, I've added a DHCP-Server for an interface on my XG. The interface is an RED-VLAN-Interface and ping from the switch is working. An Accesspoint connected to the switch did not get an IP-Adresse. Today we found out, that we have the same problem…

A customer site has a 2nd gateway that is required to access one of their vendor's systems. Our Sophos XGS has static routes in place to direct any traffic intended for the vendor network to the 2nd router. Rather than adding host entries for the vendor…

Hi Sophos Community After a lot of trial and error I'm hoping you can help me finding a solution to my scenario: In my home setup I have my wan-interface of the sophos in a transit network. My ISP router forwards any traffic to the sophos. Now…