Greetings everyone! This is my first time installing a renewed SSL certificate for our email server in our new XGS firewall. Where are all the places the new certificate needs to go? I've uploaded it in certificates. Applied it in email general…

Good Afternoon, We have recently performed a migration from Sophos UTM to Sophos XGS and I am currently working on re-instating the SSL VPN service for use by our third party support companies. We operate two DCs with services either 'homed' in a specific…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Overview This Recommended Read provides you with a quick solution…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Note: Make sure your Sophos Firewall time is correct to avoid potential…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Hello Community, Thank you to Rico for his contribution. This…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Note: Make sure your Sophos Firewall time is correct to avoid potential…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Untrusting & Uninstalling…

Greetings everyone, In XG firewall, I need to install and configure a renewed SSL certificate from Go Daddy. We have an Exchange server on premise. I've uploaded it into certificates. Applied it in firewall HTTPS OWA SMTP rule. Applied it in email…

Our customer recently updated the windows system patch. After the update, open the Outlook client, and always pop up a certificate warning. As shown in the figure below, please help analyze the cause of this problem, whether it is related to XG Firewall…

Hello, do you know if is possible to use a third party wildcard certificate to configure an SSL remote access on an XG firewall? Thank you in advance, Marco.

I am currently using SFOS 19.5.1 MR-1-Build278. I am hosting Emby (similar to Plex, I used Plex as it is more popular) container on my Qnap NAS, being protected by WAF. I have my own domain name from Porkbun, and I was able to generate SSL (Letsencrypt…

Hi foks, I am running v19.5.1 on the XG and macOS13.3 on the mac book pro and mc air. A couple of sites no longer work and the default is https even though I enter hrttp.If I use a hotspot the issue is not observed. I have a mac mini in which the…

Noticed some issues today with some popular SSL sites (linkedin, live, . These issues existed for some days but no one complained. The traffic was scanned by TLS/DPI engine and the servers had certificates issued by "DigiCert SHA2 Secure Server CA"…

We're having a strange situation again after it happened last week already on our SFOS 19.0.1 XG430: Some users browse to a website that has no exceptions on our firewall for decryption. The browser (firefox or chrome) show an error that the site…

I uploaded the certificate in every format (.pem,.pfx,.Cer) but none of showing trusted and always showing RED (X) in trusted for certificate issued from Digicert website. Please assist me to fix on this issue at earliest. Please find the attached screenshot…

Hi, purchased an XGS2100 to replace our SG230 for our Public WiFi connection. The device is not on a domain and has its own internet connection. It is only used for members of the public to get access to the internet on their own personal devices…

Hi folks, we are currently in the rollout of SSL-VPN Configurations and noticed performance issues at users which are using LTE Internet connections with latency. So we want to improve performance by switching from tcp to udp at the sophos firewall…

hi, i have XG430 , created a firewall rule and selected with following web filtering checks: Block QUIC protocol Scan HTTP and Decrypted HTTPS Scan FTP for Malware Decrypt HTTP during web proxy filtering. SSL and TLS inspection is enabled when user…

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197, SFOS 19.5.1 MR-1-Build278 and SFOS 19.5.2 MR-2-Build624 if the "Organization name" in the Certificate does contain…

I have been using SG135 UTM for 5 years and I decided to upgrade to XGS136. Just like in the UTM, I want the web admin certificate to be valid. I have made a locally signed self-certificate, installed and trusted but I'm still having issues above. I have…

Using XG 19.5.0 GA. I can only download the ApplianceCertificate as a *PEM. file. I am certain it was letting me choose the other formats once before. Now the only file format it allows to download is default.pem and appliancecertificate.pem which cannot…

Hi all, We are receiving this security alert on Outlook 365, since ever we installed the Sophos XGS136 firewall. Please guide me to solve this issue. Thanks,

Continuing on the discussion below: community.sophos.com/.../507230 Is there an easy way to do this from front end? This has become a common occurrence now, with the latest incident involving Google's certs. The given workaround requires usage…