• Root Certificate automatically included by WAF of Sophos Firewall?

    Markus Quirmbach
    Hi everyone! We are using a Sophos XGS2300 (SFOS 19.0.1 MR-1). We uploaded a pfx-certificate to the WAF which specifically included only the webserver certificate itself and its intermediate certificate. But, when we check the site with a tool like…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Using factory SSL certificate for DPI/Filtering

    MHSWA
    Hi All I've been using my XG210 now for a few years, but I've always had random issues with DPI/Web Filtering, around 10% or more of the time I have users who will see the self signed certificate wanting when going to a site they shouldn't be on then…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Cannot delete certificate - "Couldn't delete certificate. It's in use in an IPsec, L2TP, or SSL VPN connection."

    EdmundSackbauer
    I am on 19.0.MR1 I have an uploaded certificate which is no longer needed. It was used in WAF rules, those were deleted a couple of weeks ago. However I cannot delete the certificate, I get the red box at the top with " Couldn't delete certificate…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Certificate / Certificate Authority Issue for delete and/or import

    Kay-Uwe Keser
    Hello, I have an issue with validation of the imported Lets Encrypt Certificate. I issued the certificate with certbot and uploaded it with le2xg.sh. That is working. Sophos XG 18.5.4 MR4 But the certificate is still marked as untrusted. I read some…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Uploaded Certificate in Sophos XG Firewall Showing Not trusted

    Elianshikira Ndossi
    I uploaded the certificate in every format (.pem, .pfx, .cer) but none of them is showing as trusted and it is always showing RED (X) in trusted. Please assist me to fix this issue at the earliest. Please find the attached screenshot too. Thank you.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ApplianceCertificate incorrect object

    Alfonso Alfonso
    Hi as per the subject in the ApplianceCertificate certificate in the subject field I have incorrect values such as the email field, in which na@example.com is reported how can I correct this data? thank you Oggetto /C=NA/ST=NA/L=NA/O=NA/OU…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • I think that the API has a little bug inside

    Lev Anni
    Hi, Certificate list request ends up getting a TAR archive instead of API output. Request made is as following: <Get><Certificate><Filter key="Name" criteria="like">cert name</Filter></Certificate></Get> or <Get><Certificate></Certificate><…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to delete a certificate using API?

    Lev Anni
    Hi, Despite my positive feelings regarding Sophos products, the API documentation is the worst I have ever seen! It lacks very basic command explanations or examples, for example to delete the certificate it says that Name attribute is required BUT, it does…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Add/Update/Delete in API calls are great but... Where is Get?

    Lev Anni
    Hi, I'm trying to get list of uploaded certificates using API to determine if the upload process required. API doc show only Add/Update or Delete certificate. Where is option to get list of certificates or get certain certificate by its name for instance…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Purge SSL Certificates from cache

    P M1
    Hello, I have a sophos xg appliance with https scanning enabled. The appliance seems to cache website's certs. Sometimes if the maintainers of website misconfigure SSL settings, a wrong certificate is served by the webserver and this gets cached…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • CAA Certificate "Copernicus UTM" expired silently - 1.2.3.4:9922. CAA Clients terminate

    LHerzog
    The CAA certificate on our XG 18.5 MR4 has expired without any warning. Nice! So all our clients with CAA cannot authenticate against that firewall. How would Sophos resolve that issue without recreating the ApplianceCertificate? C:\OpenSSL…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • GoDaddy SSL Certificate for User Portal

    ChrisBacker1
    I have an SSL certificate from GoDaddy that I am trying to import into the XG 230 firewall. It wants the private key in a .key format which GoDaddy is only giving me a .crt format. The certificate key is in .p7b format which works just fine it appears…
    • Answered
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Purging expired certs from Sophos XG

    JohnHilton
    Hi all, having a few issues with expired certs that are on the XG. (Google namely) I have deleted the certs from the XG using putty ssh in /var/certcache/ I am now having other domain with the same error (xg thinks the cert is expired when…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG: Cannot change WAF Certificate

    Patrick Wolfensberger
    Hi there Last week, my wildcard certificate expired. No biggie. Got a new one, imported it into the firewall, everything ok. When I selected the new certificate in my WAF rules, I was able to save this configuration and expected the firewall to use…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Migrating from XG 310 to XGS 3100

    Jeff Duvall
    We will be migrating from the XG 310 to the XGS 3100 and I was wondering if the previously installed SSL client software would connect to the XGS3100 as it does currently to the XG310? Is there a client upgrade that needs to happen as well? Thanks.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS Latest firmware - Outdated Certificates

    tomrgsd
    We just recently upgraded from an XG to XGS firewall and having random issues with certificates. I've had to manually add updated ROOT and Intermediate CA certificates for Digicert and a Top Level DOD certificate among others. I have never had any issues…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS V19 Web Certificates and browser warning pages

    ADJ
    Hello, Starting to get a bit frustrated with the Sophos web certificates - think I am going around in circles. I have both the Default Appliance certificate and the Security SSL Certificate installed into the Trusted Certificates store on a Windows…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS V19 - Configuring SSL Certificate

    Hyegun
    Hi Community So I am having trouble with configuring SSL certificate Currently I have a webserver hosted outside with a wildcard SSL Certificate Now I have webservers hosted on-premise that I want to upload the SSL Certificate too. If I revoke…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos SSL certificate published on Public for my server

    hery Hal
    Dear expertise, I have one server currently put on DMZ behind Sophos XG. Currently using XG230 (SFOS 18.5.2 MR-2-Build380). This server is running on Apache and using an Entrust SSL certificate configured on host. On XG we have several LAN created…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG450 Locally signed Certificate for LAN IP

    ywillie
    I've been trying to get a locally signed certificate to work for the firewall's LAN IP. Unfortunately, with all the effort I tried, Microsoft Edge still considers the firewall's page as non-secured. However, when switched to public IP instead, it works. Currently…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SSL Certificate Distribution

    Manu_Mathew
    SSL Certificate Distribution – I just wanted to check that there is no way to add a link to the SSL certificate that clients need to install from the Sophos Sign In Page? The Smoothwall Sign In Page had a separate section which allowed you to download…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PHP script for uploading Lets Encrypt certs is broken since 19.0 MR1

    EdmundSackbauer
    Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • The renewal of your Heartbeat intermediate certificate has failed

    ScHwAnG86
    My HA XGS136 cluster is experiencing this issue with heartbeats: I get an error alert in Sophos Central The renewal of your Heartbeat intermediate certificate has failed Looking in the heartbeat log I can see failures. tail /var/tslog/heartbeatd…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Pls help me filling out the Default CA for remote-access SSL VPN !?

    J Thai
    Hello, I am running Sophos XG (Home) 18.5.4 MR4 and about to set up a remote-access SSL VPN profile, but changing SSL VPN settings will just not work and settings keep reverting back to default. There have been at least 2 precedences to my knowledge…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • TLS handshake fatal alert: certificate unknown(46).

    ScHwAnG86
    Hi, I am seeing these errors in the log for some websites which tend to utilise tracking information, particularly those which utilise a CNAME record to point to another address. For example, the website t.myrenews.com.au is a CNAME that resolves…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions