Hello everyone, I've been attempting to write a script to add (and also remove if needed) SSL/TLS scanning exclusions in Sophos Central. From what i've gathered, it's the following PATCH request that needs to be sent: Endpoint API | Sophos Central APIs…

I'm running the Home License of Sophos UTM on a physical box (Protectli Vault) as well as a VM on my Synology. After I updated to 9.718-5 of the firmware, I am no longer able to access WebAdmin from my PC on either of the upgraded UTMs using either Google…

I would like to setup encrypted email. When enabling this I receive the following message: Before you turn on message encryption, make sure you have TLS v1.2 configured on your email gateway How do I configure TLS v1.2 on the email gateway?

Hello All, We are having issues with mail delivery today. Looking at the logs in Exchange I am seeing the following entries. Anyone else having issue? Reason: [{LED=450 4.4.317 Cannot connect to remote server [Message=451 4.4.0 Socket error SocketError…

Hi there, As per the manual, you can set that when TLS is not available the message will be encrypted. Is Sophos also checking if the certificate is valid? In the email appliance, you can separately choose both options. You can select the following…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Strong ciphers Weak ciphers…

Hallo Wir hosten bei uns 3 verschiedene Domains. In den SMTP TLS Einstellungen haben wir ein Wildcard Zertifikat für unsere Hauptdomäne *.company.com drin. Laut dem TLS Verbindungs-Test hier "www.checktls.com/TestReceiver" funktioniert die TLS Verbundung…

Guten Abend, ich dachte, dass das eigentlich eine ganz einfache Frage ist, aber nach der Suche hier im Forum bin ich komplett verwirrt. Vielleicht kann mir jemand unter die Arme greifen: Ich möchte, dass alle Endgeräte in meinem Haushalt einen bestimmten…

Like the title says I am seeing a huge volume of SCHANNEL error events in my Server2012r2 severs that are all relating to requests to 4.sophosxl.net From what I can tell that URL is supporting a narrow string of Cipher suites for TLS 1.2 that were only…

Dear Sophos Community, I have Sophos Endpoint Protection 10.8 running on Windows 2016 and Sophos Management Console running 5.5.1 running on a separate server . I have disabled TLS version 1.0 and 1.2 on Windows 2016 server, as a result after the reboot…

Since this week me and my colleagues cannot upload files to ftp.sophos.com:990 over explicit TLS happens to 195.171.192.29 and 195.171.192.30 Probably caused by Sophos Servers only offering TLS 1.0 Using filezilla latest version 3.56.0 with GNUTLS…

We use a Sophos SG430 | UTM 9.707-5 for SSL VPN. It worked flawlessly for the last 9 months. Two days ago we physically moved the hardware appliance to a new server room. After we powered and booted the UTM again, everything worked fine, except the…

Hallo, wir würden gerne die TLS Version für die Webserver Protection auf v1.2 anheben und möchten dafür vorher überprüfen, ob noch Verbindungen über TLS v1.0 oder TLS v1.1 aufgebaut werden. Gibt es eine Möglichkeit das über die GUI oder die CLI…

Hi, I did a vulnerability scan of my external IP and in the results I can see that SSL3.0 TLS1.1 and TLS1.1 are still supported for Port 3400. I guess this was already asked before but I didn't find it in the forum. Is there already a solution for…

For secure communication with one of our customers we need to comply with the two following conditions. Is this possible on the Sophos UTM SG450? - Validate certificate ( There should be a check when sending email using TLS that there is a trust with…

Is it possible that outbound email messages secured by enforced TLS present the TLS certificate for verification? At the moment the certificate seems only to apply to incoming email. Incoming: 2018-06-05T14:21:11.056403+01:00 <ext mail srv> sendmail…

Hi All, I have had a security scan performed on the outside of our utm and one of the results displays the following message: Synopsis The remote web server uses an old version of SSL. Description The remote service accepts connections…

UTM 9.5 introduced the ability to set the TLS version on a per-VWS basis. This was a much needed feature that allowed us to increase the TLS version setting for Virtual Web Servers that we wanted to run a higher version, whilst allowing us to continue…

Hi there, some of our external users reported that they could not connect to our RDS Server (W2k2R2) over the RD Gateway (W2k2R2) anymore. This only affected the Win7 Users (latest patches) and started "in december". After ruling out Windows Update…

US-CERT have released an advisory about a new vulnerability in TLS which could allow an attacker to access sensitive information by obtaining the TLS pre-master secret which will allow TLS traffic to be decrypted. http://www.kb.cert.org/vuls/id/144389…