Hello, everyone. I created a DNAT rule. I receive the communication on the local interface at the SFW's IP address on the LAN and translate it to another destination that is remote on the VPN. I force a SNAT with the SFW's IP address that is assigned…

Guten Morgen! Kurze Frage, wir haben vor kurzem unsere XG durch eine XGS ersetzt. So weit so gut. Wir haben noch ein paar AP55, die ja nicht mehr von der XGS unterstutzt werden. Jetzt kam mir die Idee, die alte XG als Basis Firewall und WLAN Controller…

Hey liebe Sophos-Community, ich brauche eure Hilfe, da ich sonst nach drei Tagen rumprobieren wahnsinnig werde. Was hab ich vor? Ich betreibe zwei Sophos UTM Firewalls zuhause, eine UTM 320 welche das LAN verwaltet und eine SG115 welche das WLAN…

Hello, we have a problem which with the routing over VPN. A user is connected to SSL VPN with the XGS. The XGS has a site to site IPsec VPN connection to resources in the cloud. A request from the user's client using SSL VPN for resources in the…

Hello everybody! Right now I have the situation where I want to have multiple public Servers behind a sophos virtual firewall. For the Sophos i have a seperate public IP. I have a public IP Subnet for the servers that is routed via the public IP of…

Hi there, we have a /64 subnet (with gateway) and a /56 assigned by the ISP. No PD in place. I've assigned an address from the /64 subnet together with the gateway to the WAN interface, which is now reachable via IPv6. I'd like to assign IPv6 Addresses…

Hello, I'm not an expert (for the moment) on Sophos. For a customer that has an XG Firewall, he asked to configure a SSL VPN connection. As I already done this some years ago on a privous Sophos Router, it should be possible ;-) But the LAN/WAN…

Hello Team, I've successfully configured the Sophos XGS in my security account and routed internal traffic via the Sophos LAN ENI instead of using a NAT gateway, which is functioning well. Now, I have another workload VPC in a separate account that…

I have the need to change an incomming stream request to an different streaming server with different name name and on different port. For example: Request to www.test.com:8144/abc.mpeg www.test.com:8044/def.mp3 Is this possible and how? I tried…

Bei einem Kunden wird aktuell über die SG330 eine VPN IPSec v1 zum vTK Server der Telekom aufgebaut. Weil diese in Zukunft nur noch per IPSec v2 aufgebaut werden kann und die SG330 dies nicht anbietet, wollen wir die VPN Verbindung über den Lancom aufbauen…

1. We have a 2 XGS connected via a private ISP fiber and the interfaces are LAN / GIG. 2. For resiliency we have a IPsec Tunnel interface between the same, using a disparate ISPs at each location VPN/GIG. We have been using OSPF for all of our routing…

Servus zusammen, ich bin gerade dabei, eine Sophos SG230 auf eine XGS2300 zu migrieren. Auf der SG230 hatte ich eine Gateway-Route konfiguriert, bei der diverse Zielnetzwerke in einer Netzwerkgruppe zusammengefasst und zu einem Core-Switch geroutet…

I've successfully setup my first SSL VPN for remote access into my network, I can immediately access the listed first subnet, my internal infrastructure. However, I also want to be able to access two other subnets, they're listed in the SSL VPN profile…

Hello Sophos, today we received the information, that FRR has new CVEs: CVE-2024-31948 CVE-2024-31949 CVE-2024-31950 CVE-2024-31951 All versions <= 9.1 are affected, including version 8.4.2 on the Sophos firewalls. When will the update be provided…

Hi, Two locations are connected with MPLS. Both locations have Sophos devices. In both locations, the servers and PCs behind sophos can ping each other and access each other. However, when we ping or trace the same ip addresses in the diagnostics…

Hi Team, I have created a network on layer 3 with a point to point connection from port 3 of my network to the layer 3, which ideally hold my internal network VLANS & devices. on port 3 i have the one IP, and on the switch i have another ip (point…

i have two vnets in resource group. vnet1 network address is 192.168.0.0/16. Wan subnet is 192.168.100.0/24 Lan subnet is 192.168.200.0/24 Sopho Xg firewall is deploy in this subnet. Wan portB interface ip address is 192.168.100.4/24 and Lan portA…

Hallo zusammen, ich bekomme keine E-Mail Benachrichtigungen von der XGS, weil meine Externe IP in einer geblacklisteten ISP Range ist. Als Workaround möchte ich die E-Mail Notifications von der XGS über den IPsec Tunnel an meinen Lokalen Exchange…

Hi, I have been trying to implement SMTP routing for inbound and outbound SMTP traffic over a GRE tunnel. I have another thread about this but I am having some trouble with the source of inbound SMTP traffic, becoming the destination? (screenshot below…

Hello, I work on 2 Sophos XG on 2 different sites. They communicate with each other using a Site-to-Site IPSec VPN. Site A : Sophos-XGS 33100 (SFOS 19.5.3) Site B : Sophos-XG 330 (SFOS 19.5.3) 3 subnets of Sophos A are configured to be able…

Hallo zusammen, wir würden gerne die UTM mit der XG austauschen. Da wir auf dem UTM eine Gateway-Route statisch definiert haben, stellt sich uns nun die Frage, wie und wo ist das auf der XG möglich? Vielen Dank für die Hilfe.

Hi We are pulling our hair out slightly trying to get a SD-WAN deployment to play ball and have so far spent over 10 hours on the phone to support so far without them being able to explain why this traffic is doing what it is. The scenario is a 9…

Hello, I have a problem. I want to allow the internet to go to all branch offices through the XG firewall at the head office. The other branch office has a Sophos firewall, Currently, I have centralized internet connectivity at the HO as well…

I have two internet connections from two different ISPs. Let one be called X and the other be called Y. X and Y are separately connected to a firewall. I use X actively. I want Y to be active when X loses internet connection. Then, when X internet connection…

Hi, We have an issue that I need to resolve and I am unsure of how to get this to work. Scenario: 2 schools need to connect their networks via a backbone provided by Virgin. The backbone provided has a Cisco firewall at each end. School 1 has an…