Hi, I have set up a new Web server protection rule following this guide. Everything works fine using port 80, but when I change the port to 1001, I get 503 Service Unavailable: Web server : IIS (Windows 11). Binding: Type: HTTP, IP address: all…

Hi there, I’ve configured WAF for an Exchange Server 2019 according to this guide: https://www.frankysweb.de/sophos-utm-9-4-waf-und-exchange-2016-ohne-rpcoverhttp/ OWA and ActiveSync works fine but I have trouble getting Outlook Anywhere working…

Hello, We have a protection Policy for the NextCloud on Sophos, unfortunetly we have many issues with uploading Photo (many times the upload not working at all what ever is the Photo size or extantion ), every time we must connct to SSH to check the…

WAF rule not working for a website that hosted on internal IP in windows server 2012

With reference to below doc https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/WebServer/AuthenticationTemplates/index.html Is there any variable available to get client ip address? Example "client_ip…

Hello, we have also this problem and cannot send larger emails from mobile phones throuth our XG135 firewall. (ActiveSync) What are the steps to fix this problem? (1MB Limit) Thank you

Seit zwei Tagen erscheinen keine Einträge mehr im WAF Log auf der Browseroberfläche. Es wurde nichts an der Firewall geändert. Durch einen Hinweis in diesem Thread WAF not starting after reboot due to config error habe ich nun die Protection Policy deaktiviert…

I received the following email, this morning: The Terms of Service for Let's Encrypt have changed. Please go to WebAdmin to review and accept the new Terms of Service, otherwise you won't be able to create and renew Let's Encrypt certificates. …

Hello Sophos Community, We are migrating from a UTM 9 unit to a new Sophos Firewall unit and I've setup a WAF rule for two internal web servers. When setting up the firewall rule, I chose the Action dropdown option of "Protect with web server protection…

Hi all, I'm looking for a bit of hand holding and guidance here. What I am trying to do is allow access to internal containers hosting multiple websites and applications. I have a fresh Sophos Setup with no special custom rules or anything yet. I have…

Gday Needed to forward 25 ports to a webserver using WAF. I can't for the life of me work out how to enter in more than one port to either. Surely I don't need to create 25 webserver and 25 WAF rules? Anyone done this before?

Servus zusammen, leider ärgert mich die Webserver Protection der XGS gerade und ich finde den Fehler Partout nicht. Die Webserver sind soweit passend konfiguriert. Wenn ich die Firewall Regel (Protect with webserver protection) anlege, und dort als…

Hello, I am getting some unexpected and unwanted requests (trying to find exploits) that are handled by one of the WAF Rules: Here's the WAF Rule that is being it with this traffic: Here's how it looks in the Event Viewer: How can I change the…

Hello, We have the problem that users who work from home and only have an IPV6 address cannot use the WAF rules and web server access. Can we allow "any IPV6"? "any IPV4" is allowed. What would be the best approach here? Thank You!

Hi, I need advice how to Deny Direct IP access from browser. So, it only allow access by domain-name. How it done through Sophos Firewall configuration rule? I use Sophos XG 310, SFOS v20.0 Thanks

Using Web Server Protection, I want a web server to only be reachable from some IP lists or IP host groups. How can I achieve this? In Access permission , Allowed client networks , it seems that I can only choose individual IP hosts of networks. Am…

I'm struggling to block access to the WAF, I am trying to block all but Cloudflare IP ranges from accessing the WAF however there is still traffic hitting the WAF from non cloudflare IP's. If you are a non cloudflare IP then you get a forbidden page instead…

We just had a PCI compliance scan and we failed because HTST wasn't enabled. Looking through everything HTST is enabled on all of our Web Server Protection rules including the default one. The PCI scanning company said the server replying is using apache…

Is there a simple way to replace an expired certificate without having to manually replace it with a valid one in all WAF rules and other places where it is used?

I'm getting an error on a URL with WAF for Static URL Hardening. I've added an exception but still getting the same error. What am I missing?

Hello guys! I have a home server running a few services on port 80 and 2-3 other ports I also have dyndns (3 hostnames) and have been using waf to connect to those 3 services without the need to enter a port in the url (There are also a couple of…

Hi, I would like to setup a Webserver protection using the WebServer and HTTPS to the Sophos FW, but behind the Firewal, I want to use HTTP. Could anyone tell me how to setup that? I can see how to setup for HTTPS, but I am not sure how to send it using…

Hallo everyone, I am facing with an issue in sophos XG with web server protection. I have created a WAF rule and redirect my alias ip to my webserver through HTTPS 443 select my certificate *company.com and add my webserver host my company.com but…

Dear All, I am facing with a Problem in sophos xg web server Protection, I have created all needed ruls and upload the ssl certificat to xg but in web application rule under the Host server when I select the HTTPS in the dropdaown menu I dont see me…

So i know this topic has been discussed before but no one puts in a complete answer so going to ask it again. After enabling Exchang enhanced protection OWA externall breaks. I know this is due to the SSL offloading as this is mentioned in several posts…