I started receiving notification on certificate expiration. I found out it is DST Root CA X3 global verification CA. I disabled this certificate, but still receive notifications. How to delete this certificate correctly as there is no delete option in…

Sophos intercept x for mobile web protectionCan Sophos intercept x for android web protection detect previously unknown malicious web pages? Like a malicious web page whose URL has not yet been registered/recorded in the sophos threat intelligence…

admin we have enforced entire organisation with a standard Web Protection Policy. our marketing personnel is not able to access google Ads because it falls under one of the blocked categories. is there a method we can allow this user/device to bypass…

Nth

Dear Sophos support As tried to share some ideas and its written in the Ideas page but sounds that nobody read :D So I thought to yell my ideas in the support chat but sounds the matter so complicated and the chat Guy WAS NOT helpful.. So i thought…

Today 05/27/2021, our SG UTMs started denying access to outlook.live.com due to its reputation being set to suspicious. The reason given is related to PUPs. I suppose I could see some far fetched rational for this but, really, it's outlook online guys…

Hello, We have 4 terminal servers for which we have defined a web filtering policy. All the servers have an internal application installed which reaches out to the internet on port 9009 to update some information within the application. We have allowed…

I've seen this answer: https://community.sophos.com/utm-firewall/f/web-protection-web-filtering-application-visibility-control/125440/windows-update-fails-on-utm-9-705-3 But the proxy is still blocking access to http://2.tlu.dl.delivery.mp.microsoft…

I would like to create new filter categories to use in Web Filter Profiles. When creating a new "Filter Category" sub-categories have to be selected. Are there any lists which websites will be blocked by a certain sub-category? For example the sub-category…

Hi All, Recently I have noticed a weird issue that my computers behind Sophos UTM are not loading Apple iCould Content. I have made all apple exceptions as showing below. It keep loading!!!!! It works when I switch to 4G connection. Any suggestions…

Hi, we operate in non-English speaking area where most of web pages are in some other languages. Sophos XG web filter is lacking A LOT of classification on those web pages and current process for classify those is very time consuming. The way we know…

Hi, so anyway, my UTM is blocking any http sites/traffic. but https is fine. any ideas? the UTM is on Bridge Mode the error:

Hi Everyone, I'm a little new to Sophos XG Firewalls and really firewalls in general. I always thought it was not possible to host multiple services (e.g. websites) on the same port and public IP address but when I started to play with Sophos XG Home…

Hello, over the day we have a lot of block reports from different users in Sophos Central with this URL: 'https://trmcdn.eu' blocked due to category 'Intimate Apparel & Swimwear' I assume, this site is hosting media files for newspapers or so in…

Hello All, This is a repost of an unsolved problem from the Sophos subreddit ( www.reddit.com/.../) , so if it looks familiar that's why. I'm running Sophos XG SFOS 18.0.4 MR-4 and running into issues with web filtering. In short, the category "IP…

On my UTM firewall I was able to add a web exception like this: ^https?://([A-Za-z0-9.-]*\.)?gstatic\.com/ But on XG 18.0.4 if I try to enter this, I get an error "You must enter a valid domain name" I was able to slightly modify the regex by removing…

Hello, I am having an issue, in which users, after hitting a blocked website, are redirected to a page in the firewall that doesn't exist. If a user accesses Netflix and is blocked, it will be redirected to: https://<XGFIREwall_FQDN>:8091/ntlmauth…

After upgrading the firmware to SFOS 18.0.3 MR-3 now users are not able to access web services using local/Private IP addresses, only it works when NATted to the Public IP. Could any one help on this please?

Hej, I have the following problem: on certain pages the SSL/TLS inspection is effective although the filtering is not active in the firewall. This affects both the new XStream filtering and the filtering via the web proxy. A HTTPS connection cannot…

Hello, is there anyway to setup SSL VPN without static ip, there is no option on ssl vpn configure to define the public domain name. This option available on XG and it working fine, but UTM i don't see way to setup remote access without static ip.

We are using the XG with Web Application firewall rules and path routing. It works but is there a way to translate a long inside path to a short outside url? With our old firewallI it was possible to have something like ourdomain/RestAdapter translate…

I have a client who needs to be able to disconnect SSL VPN users based on them trying to access another website such as Dropbox or another public cloud. Here is the exact question: " Can we drop connections based on the site accessed? ie. dropbox or…

Hello, Until now we used AD-SSO and it worked. Now we're in the process of hardening our AD and want to disable NTLM as far as possible. Since the UPM uses NTLMv2 for SSO that's a problem. Of course we can define an exception to still allow NTLMv2…

Hi everyone, How and where do I enable wildcard blocking? I want to block all the stupid, ",io" TLD's among others. Something like this; https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!

We have created Site to Site VPN tunneling . Port 443 of the specified IP but cannot access the IP . The error log say Web protection block how to fix this . I tried adding IP in exception and while list but that doesnot work How to fix this