Hello,
I have a question about the configuration of my UTM. At the moment here is the situation:
I have a UTM with FQDN
I have two types of computers in my network:
Computers that can have the UTM certificate
BYOD in which I cannot add the…
Hello sophos community,
my name is Bernd Bauer and I'm a Sophos XG Newbie.
Last weekend we equipped one of our customers with 5 Sophos XG Firewalls.
1 HeadOffice XG210 and 5 BranchOffices with XG105
I installed the latest firmware on the head…
I am currently in charge of doing internal PCI vulnerability scans for the company I work for and we are currently using OpenVAS for our vulnerability scanner. When scanning our UTM instance I keep receiving the following Vulnerabilities - Check for SSL…
Hi sophos,
Our old SSL certificate is only valid for one more day.
So we bought an SAN certificate with multiple domain names in it. Domain name is listed.
When we log in as superadministrator and upload the new certificate. Also we removed the…
Finally I'm trying web content filtering.
I have deployed the Sophos certificate on every client on my network, except the mobile clients, and I have activated two basic rules in this order:
- Authenticated user -> Lan -> Wan -> HTTP and HTTPS scan…
While setting up the SSL VPN I was able to make a few configurations on my test remote client with multiple working VPN connections to the Sophos UTM all using the SSL VPN. But when I clean up and set up how I would like, I found out that the user portal…
Hello everyone,
I have a mail server I would like to place behind the UTM's Web Application Firewall. I need to open ports 443 (ssl) and 993 (ssl over imap) as our mail server uses both ports. I have no problem setting up the real and virtual web servers…
I was researching the idea of using a subordinate CA in Web Protection for HTTPS decryption and scanning. The idea behind this is that, instead of trying to deploy/re-deploy a new certificate for this to function, that I would use a subordinate CA created…
I have an SSL certificate from GoDaddy that I am trying to import into the XG 230 firewall. It wants the private key in a .key format which GoDaddy is only giving me a .crt format. The certificate key is in .p7b format which works just fine it appears…
Hello,
I use a UTM here at home and have now enabled HTTPS scanning.
Of course I have installed the certificate on all devices: Windows computers and iOS devices. So far it works, but I still need a great many exceptions…
Hello,
I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability. We have a couple of servers susceptible to the attack and it would be nice to first block the attack at…
Hi everyone,
I'm a new user of Sophos Enterprise Console and after installation of this product I would like to change the port of console administration from 80 to 443 to use an SSL certificate generated by my own Microsoft Root CA?
Can you tell me…
Reference:
We are using the SG230 at UTM 9.355001 with Full Guard as of 12:35AM today. Our UTM appliance manages all inbound and outbound and internal traffic.
Issue:
Since we have deployed 9.354 (and all updates since), all of our mobile devices…
I have just set up SG 125 using UTM 9.3. I have been trying to get the SSL VPN to work and been unsuccessful. I had help directly from Sophos for the setup as well as I have double-checked my setup from the guides. Our main DNS/AD server is a Small business…
Hi,
So I have kind of fixed the slow ssl/openvpn issue, but I can't seem to find a way to put the exception in.
- Part 1 of the fix was to disable the UDP flood protection - get 1.5-2mbit (otherwise caps out ~0.5mbit)
- Part 2 disable IPS get full…
We have a SG115W.
Our host uses IMAP 993 and SMTP 495 - Outlook can't get to the mail ISP.
I can browse web just fine and SSL works fine on the browser.
I can not get any emails through outlook.
Our firewall log shows ports 993 and 495 being…
We are setting up a new UTM 9, and cannot get traffic to flow to the local lan through the VPN. We can connect, and ping our own station, but we are unable to ping any address on the local network.
So the other day I did my every couple of months bounce of my Comcast modem. As this is recommended by them and normally everything goes just fine. However I was having some issues with my additional addresses but once I called Comcast they magically…
Hi. I am trying to add the Let's Encrypt Intermediate Certificates and they are failing to import. I was able to import the ISRG Root X1 certificate but not the intermediate certificates. My certificate is signed by the Let’s Encrypt Authority X1 and I…
I have my Sophos UTM 9 on AWS configured like this:
CloudFlare <--> AWS External ELB <--> Sophos UTM 9 <--> AWS Internal ELB <--> Web Apps
The AWS Internal ELB is configured as a Virtual Web Server in the WAF.
Firmware Version: 9.352-6
When I…
I have Sophos SSL VPN Client 2.1 installed (Win7 x64 machine) to connect to a client's network. When I check the SSL VPN network adapter it's reported to have only a speed of 10 MBit/s. Any way to change this to make the connection faster (because the…
Hi. I have SSL VPN working with remote access users. I can remote to any of the machines listed in Tunnel Access - Permitted Network Resources however I cannot use my XG Firewall as a gateway. Whenever this setting is turned on, remote clients cannot…