After a year, I've decided to try Sophos XG again. Currently using UTM 9.5 - which has its issues, but works well. I am trying to find out how to force all web requests through the proxy port. Sadly, I'm not getting far with Sophos XG. If I add a…

Hi, XG has an poor detection rate in webfiltering, e.g. when trying to open websites of denied web categories like "nudity" or trying to open malware infected pages. Is this caused by putting new websites in wrong web categories, or is this because…

Hello, I'm having a frustrating problem with forwarding TCP 80 & 443 to an internal server. No matter what I do the firewall just keeps dropping the connection. I've got many other DNAT rules in place which work perfectly well but anything I do with 80…

I haven't been at this company long and I've never managed a Sophos UTM before but every user here is plagued by certificate errors in Outlook. We use Office 365 and Outlook 2016 and users are constantly presented with this prompt... Of course many…

Hi all, opened a support ticket for this as well - however, as my last ticket is still open after 6 months with no reply at all I try my chances here. It's not easy to describe the issue in a single sentence as subject line but the problem I experience…

HTTP redirection feature for a firewall rule is no longer working after upgrade to SFOS 16.05.4 MR-4. Any HTTP requests that match the particular rule are supposed to be automatically redirected to a HTTPS request, but that it is not happening. The HTTP…

I have IPS working and scanning HTTP and HTTPS traffic. Using the EICAR test files ( http://www.eicar.org/85-0-Download.html ) I get a blocked warning from the XG firewall on Chrome for all 8 variants of the malware test file. On the Edge browser I get…

Hello, I got a weird issue with my XG105w: I have set up several VLans as follows: Vlan1: 192.168.16.0/24 Vlan10: 192.168.10.0/24 Vlan20: 172.16.16.0/24 Vlan30: 10.16.16.0 / 24 Vlan40: 10.0.0.0/24 My local servers (domain controller active…

I am new to Sophos but I am experiencing a bizarre issue. The XG firewall does not have any license for Web Proxy and it is also not using an enterprise CA certificate. There is a rule to allow traffic from internal network to a WAN interface, when…

I am running the XG firewall as a direct proxy in gateway mode and it is working correctly for HTTP traffic. The rule I created for the web proxy does not have any web filtering and the Decrypt and Scan HTTPS option is disabled. However, it gives me an…

Hi to All, Good day. I need an assistance regarding my setup of Sophos XG 310 Firewall. I tried to block facebook and youtube and was able to by using application blocking. The problem is I created a specific rule for allowing certain IPs from accessing…

Hi After Google has updated Chrome, we now have problems accessing websites with SSL. HTTPS Scanning is enabled on the Sophos UTM and the problem seems to be that Chrome no longer accepts an empty DNS name in the SSL certificate presented in the browser…

Hi All, I've decided to give HTTPS scanning ago, however, when deploying the certificate via GPO it's intermittently working. Sometimes gets removed etc or even though it's there, the websites still giving security alert page on chrome. I'm using…

Hi Everyone, I have installed Web server (Linux Apache) instance in AWS and provided public access to web server through HTTP with Sophos UTM 9 and it is working fine. when I configured HTTPS for same Web server (Linux Apache) and tried to access HTTPS…

Hello, Here are the settings I needed to use to get Slack working with SSL Decrypt: Protect > Web > Exceptions [A-Za-z0-9.-]*\.slack-msgs\.com [A-Za-z0-9.-]*\.slack-edge\.com files\.slack\.com The only box that I have checked is to disable HTTPS…

I have a few HTTPS sites successfully published through my UTM Firewall (mostly Exchange Admin Console/Outlook Web Access). I'm now trying to set up another application, using a different domain name, but the Web Application Firewall log is reporting…

sorry English poor. hope you can understand me. I have two device , A is xg85 , B is xg230 two device connect vpn I have website for service in B company , use http and https in the same ip 192.168.1.15 http://192.168.1.15 ,https://192.168.1.15…

Hello Sophos Community; I have spent the better part of a day trying to find a definitive guide/answer on the use of External SSL Certificates from Commercial CA's when you have 1 or more internal web servers running HTTPS behind an XG, and no luck…

Hello Sophos community Members, I have question regarding the ssl certificate which was assigned to the Sophos Webadmin. my Current HTTPS certificate is generated by the UTM itself and the Hash Algorithm is SHA1 which was used for the certificate. …

Hi, I have HTTPS-Certificates from LetsEncrypt.com for all my subdomains. I uploaded the Certificate in the XG und used them in many Firewall-WebServer-Protection-Rules. This Certificates expire after 90 days and I have a Script do renew them easily…

Hello everyone, I have the problem that traffic from two applications does not pass the proxy. The proxy runs in transparent mode without authentication. The proxy is configured for HTTP / HTTPS. The traffic is not visible in the proxy log, the traffic…

I am having issues getting Netflix streaming to work. I've read through probably every discussion on the forum, but they appear old and none have worked. Luckily Netflix is not a big percentage of what we watch, but I'm pretty sure it was working until…

Hello, After much troubleshooting, here is what I had to unblock to get the Ubisoft Uplay desktop client to work without any issues: I had to create a HTTPS decryption exception with the following URLs local[0-9]*-mtl-[0-9]*\.ubisoft\.qc\.ca/ steamcdn…