Hello, as from here I can configure "Require sender email domains" to enforce TLS negotiation (whitelisting). Besides this I can configure "Skip TLS negotiation" (blacklisting).
For compliance and legal reasons I need to configure TLS negotiation…
This is partly a question, partly a what's other people's experience with this
Doing some heavy speedtest loads on an XGS136 and an XG 135 and while both units with TLS inspection on will do 800mbps+ on the download they will only do 190mbps(XGS136)…
I'm trying to test the web filter with a content filter and am experiencing unexpected behavior.
I've created a blocked terms list with the following term:
and uploaded it to a content filter called blocked_terms. I've also set up a web filter policy…
Hello,
I have a problem with SSL/TLS encryption on a Sophos XGS 2100 in HA.
We use the program SFIRM, which has problems with the encryption.
I therefore contacted Sparkassen support and the…
Like the subject says, SSL/TLS Decryption is turned off in Central, but all three of my Mac Endpoints appear to be doing the decryption. Usually when I browse websites and I look at the certificate, it shows the XG's certificate as the issuer. Now, the…
All of a sudden, today after booting, I received a notification that I needed to trust the certificate for decryption. I allowed the trust. SSL/TLS Decryption is and has been disabled in the Policy. Now, everything I try to connect to in Safari, Chrome…
Explain like I'm 5 (maybe a 5 year old is smarter at this point, who knows)...
We have SSL/TLS inspection rules under "Rules and policies." One of these rules is the built in "Exclusions by Website", which references both a Local and Managed TLS exclusion…
Using TLS decryption and vendor Docusign suddenly causes issues with our XG firewall on 19.5.3.
Happens also on other browsers and OS. Here Safari in MacOS.
it works using classic proxy as described here:
https://support.sophos.com/support…
Hello everyone,
Since v20 I need to disable / enable a SSL/TLS Decryption rule nearly every to every 2 days. It stops processing traffic and on a client device it "feels" like the internet is down. This instantly recovers after disabling / enabling…
Hello Everyone,
Do you know how to disable TLS/SSL Server Supports The Use of Static Key Ciphers and commonly used Diffie-Hellman primes : on port 4443 on Sophos Firewall?
I need to add the TLS exclusions for allowing Office365 updates through because the Web Protection module is blocking them - I can update my Office365 apps fine without the protection as this has been tested successfully.
My firewall is XGS87 running…
Dealing with a strange issue where the FW appears to be trying to decrypt a site even though the setting is OFF. Is there another policy that would be impacting this (or producing this sort of error)?
Hi Team,
I configured a DPI Rule, that should decrypt SSL/TLS Traffic, but it actually doesn't, despite Policytest says, it does.
Even if AV Scanning is active, the firewall does not block access to https://secure.eicar.org/eicar.com.txt . If…
Dear community,
I think we are suffering the same problem mark57165 described in his post 'IPS Service - with no FW rules - Prevents Certain Sites from Loading'.
https://community.sophos.com/sophos-xg-firewall/f/discussions/134535/ips-service---with…
Hi Sophos Community,
We've had it reported to us by those that use the monitoring software that https decryption has stopped working. We aren't exactly sure when it stopped working, but it appeared to have done some time after moving to 19.5. Though…
I am investigating importing our TLS certificates using the SFOS API but running into an error that I am struggling to understand.
The request XML:
<?xml version="1.0" encoding="UTF-8"?>
<Request APIVersion="1905.1">
<!-- API Authentication…
Hello everyone,
today the first occurrences of DNS over TLS showed up in one of our customer's logs. We have TLS Inspection rolled out at the company and are asking ourselves if the TLS Inspection also inspects DNS over TLS traffic and DNS over HTTPS…
Is the firewall (MTA mode) not accepting SMTP with SSL/TLS also on port 465/587?
My Epson printer is not able to connect on 465/587 with the firewall: /log/smtpd_main.log -> nothing in log /log/smtpd_reject.log -> nothing in log
ACL violation? Source…
Hi,
after our installation of the firmware SFOS 19.5.2 MR-2-Build624 we have problems with sites with the following error:
Dropped due to TLS engine error:
messageid="19006" log_type="Content Filtering" log_component="SSL" log_subtype="Error" severity…
Hi All
XG330 (SFOS 19.5.2 MR-2-Build624)
I have the problem of connectivity lost, in MS Teams while meeting as picture below.
According to analyse packet between incoming and outgoing when we use MS Team, I found that in the time of connectivity…
I do not understand why this happens. I noticed it when I was in firewall log and build a filter like this:
It does what it should do:
If I then switch the log to TLS Inspection,
it shows me only allowed traffic.
I know that this filter "allowed…
Hi all,
I was playing with SSL/TLS decryption and it breaks RDP connections with error "The Local Security Authority cannot be contacted".
The only exception that works is if I make the exception for the address I am connecting to, which is extremely…
Hi,
when you attempt to delete a group and it is in a firewall rule you are shown a message advising that the group exists in firewall rules or policies. If the group is in a SSL/TLS rule you are shown a message cannot be deleted, which is not very…
Hey all,
I've noticed that at home - a portion of IG won't load when connected to the Sophos VPN. I've checked the firewall logs and don't see anything blocked from IG. Any ideas of how/what I can do to get this allowed again?