Hi, I am using this script from user burton https://community.sophos.com/sophos-xg-firewall/f/discussions/129768/letsencrypt-api-update-script---dynamically-handles-multiple-certs-multiple-rules-including-re-grouping-of-policies-rules However since…

My HA XGS136 cluster is experiencing this issue with heartbeats: I get an error alert in Sophos Central The renewal of your Heartbeat intermediate certificate has failed Looking in the heartbeat log I can see failures. tail /var/tslog/heartbeatd…

Hello, I am running Sophos XG (Home) 18.5.4 MR4 and about to set up a remote-access SSL VPN profile, but changing SSL VPN settings will just not work and settings keep reverting back to default. There have been at least 2 precedences to my knowledge…

Hi, I am seeing these errors in the log for some websites which tend to utilise tracking information, particularly those which utilise a CNAME record to point to another address. For example, the website t.myrenews.com.au is a CNAME that resolves…

Hallo, Ich bekomme das irgendwie nicht hin wie bei der UTM OS mit dem Zertifikat. Also da gibt es auch kein Lets Encrypt wie bei der UTM OS. Kann mir jemand helfen?? Ich möchte gerne ein Offizielles Zertifikat auf meiner Sophos haben. Sie hat…

Hello, I am a home user of the Sophos XG firewall - SFVH (SFOS 19.0.0 GA-Build317) - and use it to proxy specific sites... one of those things I proxy is google and youtube. Recently, it seems that the certificates that my appliance creates have expired…

Hi, im have added default Sophos CA to Trusted Root Certification Authorities on my pc, also in firefox and still getting Unsecure connection error in Firefox (tested with 3 web browsers)... Do i need to generate locally-signed certificate with public…

Just for someone else with the same problem, I had a ticket with Sophos (for months just to get this answer...) because I didn't get this one working: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates…

XG FW - Some users have "Not Secure" notification even though all sites are HTTPS Users are authenticated and internet is working, however, no matter which site they go to it always says "Not Secure" "This site has a valid certificate, issued by…

Good morning! Having a hard time installing the client portal cert onto an iPad, I suspect it's because the self-signed cert I am using has expired (though it still works on devices that have already downloaded it). Task is to renew a cert in Certificates…

Hi Sophos, We currently use the SSL VPN for our remote user base, but as the included SSL certificate expires somewhat regularly we have to reinstall the local client. Whilst not the end of the world, it's an inconvenience when we have a significant…

Hello, I am new to the Sophos community. I am starting with Sophos XG Firewall. I have a Sophos XG86 that was working fine with a SSL VPN site-to-site connection in version 18.0.5MR5 to a remote site. I upgraded the remote site to SFOS 19.0.0.0 GA (Sophos…

Hello, since the update to Certificate error since firmware update to SFOS 19.0.0 GA-Build317 on a XG115 we get in Outlook an error message of the certificate from smtp.ionos.de. The Sophos certificate is imported on the clients. What else can we…

Hallo zusammen, gestern habe ich das Upgrade von SFOS 18.5.2 -> SFOS 19.0.0 GA-Build317 durchgeführt. Seitdem kommen bei Outlook (2019) immer die Zertifikatsmeldungen bei erstmaligem Abfragen der E-Mail Konten (IMAP+POP) Ich habe geschaut, das SSL…

Howdy, Issue with configuring cert based site-to-site VPN on Sophos XG 87 I am trying to build a certificate based IPsec tunnel on my new Sophos XG 87 FW v19. 1) I created the CSR by going to certificates > add> generate certificate signing request…

Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal. Captive portal is using SOPHOS cert which is not correct in my setup. See below images. Have tried fresh re-install, upgrade removing and re-adding…

So we have 2 firewalls at different locations and we want to implement SSL/TLS inspection. Instead to installing 2 certificates we would like to use 1 for both firewalls. Is that something that is possible?

We purchased a bunch of XGS 136, reimaged them with MR2 and now upgraded them too MR3. Now I noticed that the default CA on all machines looks like this: This results in the default ApplianceCertificate to be issued by the Default CA looking…

Hi, This is the 3rd call I have logged for successful creation of Digital Certificate. Sophos L1 tried based on KB and also shared me the same, but till we are not able to create digital certificate successfully. Can anyone take my remote and help…

It seems that it is impossible to create WAF rules for web servers with https so that the web server would use its own certificate instead of cert from the firewall. Is it really so and is there any trick going around this problem?

I have a DNAT in place from WAN port to internal server on port 443 (HTTPS) for accessing to users workfolders. When you connect to external URL it gives out the sophos XGS 2300 appliance certificate instead of the ssl certificate installed on the server…

Hi,friends! From version 18.5, the product no longer creates a private key when generating CSR and a passphrase cannot be set. However, I was able to obtain the private key by the following method after CSR generation with this product. System …

Hello, Is there a way to update a certificate that is used in WAF Rules without touching every WAF rule?

Hi, While installing a new certificate, I get the error: "Certificate cannot be deleted. Certificate is already used in HTTP based policy." Anyone know how to find where a certificate is being used in an XG-135 v17,5? Two years ago I ran into this…

What I did: I created a csr in Sophos XG210 18.5.2 I used the csr to order an officially signed ssl cert via GoDaddy after verification via dns the SSL was issued I upload the intermediate and root cert Uploaded the hosts cert via .pem…