  • How can I delete an expired CA?

    Jean-Charles SIEGEL
    Hello, I'm facing a problem on UTM 9 (last version). I can't delete a CA from the WebAdmin. The button isn't displayed, and the icon of the CA isn't the same as the others. For example, other CAs look like this: The CA I want to delete, is used…
    • Answered
    • 22 days ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting
  • Let's Encrypt renewal no longer works with Country Blocking

    Jeff x
    I received the following email, this morning: The Terms of Service for Let's Encrypt have changed. Please go to WebAdmin to review and accept the new Terms of Service, otherwise you won't be able to create and renew Let's Encrypt certificates. …
    • Answered
    • 6 months ago
    • UTM Firewall
    • General Discussion
  • Adding SSL/TLS Scanning Exclusions through script

    Krystian Flemming
    Hello everyone, I've been attempting to write a script to add (and also remove if needed) SSL/TLS scanning exclusions in Sophos Central. From what I've gathered, it's the following PATCH request that needs to be sent: Endpoint API | Sophos Central APIs…
    • over 1 year ago
    • Sophos Central API
    • Discussions
  • Issues getting RDP over ZTNA to work properly with Cloudflare (SSL handshake error)

    Administrator User630
    Hello folks, I'm reaching out for assistance for an issue that I've been working with Sophos Support for over a week that we're having issues trying to fix. Any helpful information is greatly appreciated. Here's the scenario: Prereqs - I've followed…
    • over 1 year ago
    • Zero Trust Network Access
    • Discussions
  • SSL traffic fails to respond from WAN interface

    rm501
    Hi all I have just provisioned a new WAN interface (LTE router) as a failover WAN at a site with latest UTM. Any traffic from this WAN that hits an SSL endpoint on UTM or LAN (incl. WebAdmin, SSL VPN, SSH & other HTTPS servers) simply times out. …
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • SSL VPN sync: CA sign fail for new users

    Mli_axt
    Hello, we use SSL VPN on the SG230; new users are synchronized via AD groups, which has worked well until now. When synchronizing new remote users from AD, I have recently started getting an error message in the prefetch: 2022…
    • over 2 years ago
    • UTM Firewall
    • German Forum
  • Installing Sophos Connect v2 alongside OpenVPN client

    Dan Williams
    Hi Has anyone successfully been able to install OpenVPN Client alongside Sophos Connect v2 client? It appears that because the Sophos Connect v2 software utilises the OpenVPN service for SSLVPN connection you can install them together but not have multiple…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • UTM 9 SSLVPN and Sophos Connect v2

    WABGOR_DAVE
    Hello all, Somehow I missed getting the EOL notices for SSLVPN and only saw the information this past week when looking at FW 9.710-1 upgrade. I'm having my end-users log into the present portal (9.709-3), download their .OVPN config, uninstall 2…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Sophos Connect 2.1.20 with Support for SSL VPN still doesn't allow multiple Connections via the GUI

    Christo Bresler
    Hi All, We have recently received a notification that the Sophos Connect SSL VPN Client for Windows will go EOL in 2022 and the recommended path is the Sophos Connect Client 2.1.20 that now supports SSL VPN connections. This is great. I have tested…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Endpoint web categorisation failures, SSL errors on blocked sites

    Ian Hellier
    Hello! Recently I've had to investigate how people have been bypassing XG and Endpoint filters. The XG was simple to fix; however, the Endpoint (Intercept X Advanced) has proven problematic. The biggest offender is CroxyProxy, which runs a web-based…
    • Answered
    • over 3 years ago
    • Sophos Endpoint
    • Discussions
  • Static mapping physical address with user account on Sophos

    VuHuynh
    I have a Sophos SG210 UTM. We are currently using the SSL VPN client, which can be downloaded from the user portal onto any computer. My manager doesn't like the fact that someone can install the VPN client on their personal computer. I have a full…
    • over 3 years ago
    • UTM Firewall
    • General Discussion
  • Intercept X Installation - SSL Decryption

    Alex Rose
    We are using a Palo Alto firewall and using ssl decryption to monitor traffic. We have noticed though that when using the setting "Block sessions with untrusted issuers" that the Sophos installer is no longer able to connect to download the required…
    • over 3 years ago
    • Sophos Endpoint
    • Discussions
  • SSL3.0 TLS1.0 for Port 3400

    raywo
    Hi, I did a vulnerability scan of my external IP and in the results I can see that SSL3.0 TLS1.1 and TLS1.1 are still supported for Port 3400. I guess this was already asked before but I didn't find it in the forum. Is there already a solution for…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • Remote Ethernet Device (RED)
  • How to create a Self Signed SSL Certificate with Windows Server

    Jan Michael Jayme
    Check out Sophos Techvids for video help guides! Overview: Below are the steps to generate a Self-Signed Certificate using IIS in Windows Server 2012. Applies to the following Sophos products and versions: Windows Server 2012+ How to create and…
    • over 3 years ago
    • Support Portal Feedback
    • Recommended Reads
  • HTML5 VPN Portal - ssl_error_no_cipher_overlap

    Calin C
    Hello all, I have a very simple configuration which seems not to work: UTM9, Home Edition license, in HTML5 VPN Portal I define a new connection, HTTPS to one of my servers (simple Apache server). When I try to access the link from the VPN Portal…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • VPN: Site to Site and Remote Access
  • Sophos Mobile Security: SSL Stripping

    Romeo Spahiu
    Hello Sophos Support/Community, One of our users is being notified their router has SSL Stripping. I can see this issue has been going on for quite some time (2 years) and has potentially been resolved on Android devices; however, our user is using an iPhone…
    • over 3 years ago
    • Sophos Mobile
    • Discussions
  • Network Drives over SSL VPN

    Devon Todd
    Good Afternoon Everyone, Setup: Sophos Firewall - SG115 Old Servers - MS Windows Server 2008R2 / PowerEdge R710 Active Servers - MS Windows Server 2019 - PowerEdge R440 User - Dell Latitude 5580 Situation: We recently did a server migration…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • VPN: Site to Site and Remote Access
  • Sophos RED Can not do SSL handshake on Socket

    Gabriel Kissling
    Hi, I just had a problem with my RED device that I want to share. The same problem with AP. I tried to connect the RED device with my firewall but failed. With another firewall it worked fine. RED LED error code was No configuration available or firmware update…
    • over 3 years ago
    • UTM Firewall
    • Remote Ethernet Device (RED)
  • WAF Synology No Protection

    Regex
    Hi, I did manage to configure WAF for Synology Sync drive. But I don't have any protection. While I'm uploading the testing file "Eicar", it gets passed through... Why don't I have AV, logs and other options turned on? Thx. #xg #synology #WAF #"web protection…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG web proxy modifies certificate start and end date

    LHerzog
    Hello, is it expected behaviour that the XG is adding several months to the certificate of a website when doing HTTPS decryption and inspection? We noticed this today and were confused. If this is "works as designed" - What is the purpose of doing…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Captive Portal not using the right certificate after upgrade to SFOS 18

    Milan Škoro
    Hi there, We noticed that after upgrading to SFOS 18, Sophos XG is not using the correct SSL Certificate for the captive portal. As you can see we have it set in the Admin settings on the device: And it's being used on all services, but the Captive…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG v18 does not use the Common Name of the website certificate.

    core_memory
    For example openssl s_client -connect www.sophos.com:443 -servername www.sophos.com In this case, No decryption. It is normal. openssl s_client -connect www.sophos.com:443 In this case, decryption. I think it's because there is no SNI (Server Name Indication…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Apple continuity & SSL Engine

    mbernsteiner
    Dear all, I'm running an XG (SFOS 18.0.3 MR-3) and have figured out that if I have SSL/TLS engine enabled, the Apple continuity does not work - in the beginning I thought something was blocked by web rules or application filters - no, it is definitely the…
    • over 4 years ago
    • Sophos Firewall
    • Discussions
  • blocked HTTPS websites only show SSL_ERROR_RX_RECORD_TOO_LONG when Web Control is enabled

    LHerzog
    Users reported sites not loading, showing the error SSL_ERROR_RX_RECORD_TOO_LONG. This is caused by the Intercept X Web Control function. When I disable this feature, the websites load fine. Example: https://www.weihnachtsbaum-heidelberg.de…
    • Answered
    • over 4 years ago
    • Sophos Endpoint
    • Discussions
  • SSL Certs - Best Practice

    Lanky Doodle
    Hi, We have recently migrated from Cyberoam to XG and one thing I want to do this time is set up Certs properly (we're an MSP who inherited Cyberoam). I'm ok with all the different types of Certs etc. (from having to manage them for websites, Exchange…
    • Answered
    • over 4 years ago
    • Sophos Firewall
    • Discussions