We manage 241 firewalls via Central for our customers. We have management from the internet locked down. When performing a packet capture in the WebUI, there is a "Display Filter" button. If I want to filter on a specific rule, I have entered the Rule…
Would it be possible to add the two logs reverseproxy.log (WAF) and letsencrypt.log (LE) mentioned in point 4 at the bottom of this page to the log viewer?
Thank you.
We have a Sophos XGS with several IPsec VPNs site to site running.
The Sophos XGS is responding to some VPNs that are without fixed public IPv4 addresses.
One incoming VPN has no fixed static IP address, but I need to enter that IP address at the XGS to…
Hello everyone,
an existing UTM firewall (9.7) environment, which currently works for the most part with ANY rules, is to be optimized (hardened).
The problem with this: getting an overview of the traffic is nearly impossible, because via ANY…
While looking at our FW logs I see UDP packets from internal devices sent to a FW interface with dstport=0.
2023:06:23-14:20:19 FWName ulogd[31041]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule…
SFOS 19.5.1
I have wireless protection enabled in SFOS using a Sophos AP. I recently created a MAC host group with a whitelist of MAC addresses of devices that can connect to the wireless network. Recently an Android device that was previously authenticated…
Where can I find a description of the messages I find in the networkd.log? I'm looking for how to tell what might be going wrong with the WAN DHCP request on my port2 on one of my XGS107s that is unable to renew an IP address.
Can I disable the GuestAP…
I have used WinSCP with my XG firewall to read the logfiles because I'm not a Linux propeller-head guru. Now I'm having an odd WAN DHCP problem on my new XGS firewall; when I go to the logs, up pops a dialog box saying /logs/tslog is empty. What's up with…
Hello,
We have received the alert notification "Reports disk Usage reached 90% exceeding the higher watermark of 90%".
Kindly guide me, before doing the purge, on how I can download that data and then purge.
How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events?
Every time I have an IPS problem, I get email notifications but the IPS Log Viewer tab is empty - how can I get it to populate?
Regards…
I have a firewall rule (rule 20) which is a "log and drop" rule at the bottom of the IPv6 rules. But I'm seeing something very weird: some of the time it says "Denied" and some of the time it says "Allowed". There are no exceptions in the rule. Not only…
I have an XG125w (SFOS 18.5.2 MR-2-Build380).
A while back, I had a website that needed a web exception for SSL/TLS decryption and scan. The domain needed did not appear in the SSL/TLS log viewer.
I opened a ticket with support and they gave me some…
Hi,
I am trying to find the answer to set up a segregated implementation of Sophos XDR being installed inside a VM workstation, on my personal computer for work.
My work laptop has died and my solution while it is getting repaired was to install…
Hey, how can I disable "default drop" logs of Sophos UTM? I don't have any rule for the default drops so I can't uncheck the log option and I don't wanna create an any--any drop rule and uncheck it. How can I disable default drops in this case?
Hello,
we operate an SG210 with firmware 9.707-5.
For a few weeks I have had the problem that our COM server (not in the AD, IP 192.168.1.2) can no longer reach a remote peer via SMB.
The call happens in Mirth and is supposed to go via…
I am very disappointed in the error reporting functionality of the XG v18 firewall. Actually, the error reporting just isn't useful at all. Today I have a bounced message due to certificate issue on the recipient end. But the only way I know that is a…
I wanna share the log files with a remote log server via one of my local LAN interfaces on S2S VPN, but the problem is my logs are being sent over my public IP address. How can I force Sophos to send my logs via the LAN interface on S2S?
I'm trying to send logs to an external Syslog server via Remote Syslog Settings but I don't have any access to the server. How am I gonna check if the logs are actually being sent?
Hello,
we would like to raise the TLS version for Webserver Protection to v1.2 and, before doing so, want to check whether connections are still being established over TLS v1.0 or TLS v1.1.
Is there a way to do this via the GUI or the CLI…
I'm on version 9.705-3, and since sometime in May, the log files for Web Filtering have grown from 500MB daily to 2+ GBs daily. The logs are flooded with the below entry:
2021:06:28-10:26:55 FirewallName httpproxy[23287]: id="0003" severity="info" sys…
Hi
I have noticed weird logging and reporting behavior on the XG when transferring more than 4GB during one connection session.
I tried to reboot the firewall, but no difference. You can see results of some of my tests below. Reports and policy counters…
Hello community,
I am looking for a log file description for SG (and XG) firewalls. A lot of logs do have an id="xxxs" field, for example:
<30>2021:03:11-22:26:42 gateway ulogd[7988]: id="2002" severity="info" sys="SecureNet" sub="packetfilter" name…
Hi, I have tried opening a support ticket as well as searching on these forums but I cannot seem to get a straight answer. I'm using an XG450.
With Covid making work from home mandatory for a lot of employees, management is now asking me to produce…
I'm missing a log entry for Central-managed computers.
After the forensic snapshot I started a scan.
No information about that anywhere. Why is that?
If this is by design I wonder how to keep control and knowledge about what has - and what has…