New XG deployment (SFOS 18.0.4). I created a few web policies so that we can control what websites authenticated users can go to. Seems to work fine. I have about a dozen servers (some linux but most Windows) that run Services. The services will run…

Dear all, I would like to know how to block Line application It seems that data of Line application (Line for Windows) use port 80 & port 443, which is same as website. (Actually, we have blocked data transform after unable website function) How…

My Baseline Application Policy policy has various categories blocked. Works well. Now I want some IT team members to have access to a few apps that are blocked by the Baselines Application Policy. So, do I either a) clone the Baseline policy, unselect…

Hi, I have a question about Sophos KB 000036746 I received this link from support in case 03251728 without any more information. Are the shown and red marked settings on XG policy really required in this way or is it just an example? I ask because…

We have a new XG running as a direct Proxy I have 2 sites I cannot access and non standard ports e.g. https://x.x.x:5601 and https://x.x.x:8182 I get the generic "Hmmm… can't reach this page" from Edge. The ports are allowed in Web proxy configuration…

I want to specifically block a sub URL https://app.powerbi.com/groups/me/getdata but nothing else under app.powerbi.com . I've done this by creating a Category and adding Domain/keyword as app.powerbi.com/groups/me/getdata If I go to https://app.powerbi…

Hi, is there an option to block all removable media unless the data is encrypted. for example filevault or bitlocker.? currently testing the policy, Removable storage -> set to block. all removable media is blocked: this is ok so far The USB…

I am just now switching over from using the web proxy to DPI engine and i am having one issue where the only site that wont load on IOS Devices is www.youtube.com getting (TLS handshake fatal alert: inappropriate fallback(86).) using safari browser…

Hello, I am new to the Sophos world and have a new SX135W that I am working to get setup. We migrated policies from and older SG230 and now seem to have broken the connection to Sophos Central. I added a rule to permit any traffic to Sophos LiveCentral…

Hi everyone, How and where do I enable wildcard blocking? I want to block all the stupid, ",io" TLD's among others. Something like this; https?://[A-Za-z0-9.-]*\.io/ just not sure where to put it. Thanks in advance!

Hi All, On October 21, 2018, we released a policy update for Macs, which updated the strength of the updating password encryption. This has resulted in some Macs reporting Policy Non-Compliance: Updating, as the systems took in the new encryption. The…

Hallo, wir haben in den Server Protection Richtlinien beim WebControl einige Seiten mit Warnhinweisen versehen. Diese werden beim ersten Aufruf der Seite auch ordentlich angezeigt. Beim nächsten Aufruf aber nicht mehr, bis der Browsercache gelöscht…

So I have a bunch of alerts on sophos central from devices that have been deleted, so when i click on the device it says that the device has been deleted, so I figured that maybe reinstalling endpoint on that device will somehow fix it, turns out it didn…

I need assistance with creating Business Application Rules for Exchange General and Exchange Autodiscover. I can create User/Network Rules without freezing the screen but when I choose the option for Business Application Rule, it gives the list to choose…

I currently see a live connection running since early in the morning based on HTTP Resume Filetransfer. Investigating the destination IP address I found out it is web radio (http://94.130.253.194/). How can I block web radio? - I don't want to block…

I have created a firewall rule to block traffic from certain countries. I am on the latest XG version SFOS 17.1.2 MR-2 I followed the knowledge base article https://community.sophos.com/kb/en-us/123007 Are these settings and article valid. Thanks

Hello All, I am new to this community - I have inherited a Sophos Virtual Web Appliance, set up in transparent mode for the network I now manage. I have been taking time to reverse engineer the configurations, and have slowly been learning how my…

I have a SSL vpn profile (PROFILE 1) through which majority of my users login remotely if required to access the LAN For a small group of contractors i have created a separate SSL VPN profile (PROFILE 2), so they have access only to 1 resource (SERVER…

I know this has been asked before, and I have read several posts about how to do it, but I am just not getting it to work. I have installed the Sophos XG Hyper-V appliance. I have another firewall product that is replacing my XG that I had installed…

The RCA component in the Sophos EDB console is a great feature, but can we trust the analysis? We've got 100s of endpoints on which the PUAs and malwares are detected and 100s of tickets generated in the ticketing tool. 1. Do we have to collect…

Hi Team, First of all, I would like to thank you all in advance for helping. My issue is as follows. As per one of my customers requirement I did a Sophos central MDM POC. Devices which were used was "Huawei Y2 Pro" with Android 8.0. Customer wanted…

Hi, As Sophos does not have the option to configure policies based on device type so How will configure my IoT devices security? I have many devices which are connected to office LAN network but I don't want to give internet permission to some special…

Hello everyone. I recently implemented an XG125 in my office. In the sophos I have 2 vlans (vlan10 called LAN_Administración with ip 192.168.1.0/24 and vlan20 called LAN_Laboratorio with ip 192.168.0.0/24). On vlan10 I have some devices that I want to…

Using SFOS 17.1.0 GA on XG 650. We have Safesearch enabled and if a user that is allowed goes to youtube, they can search and view videos as expected. When that same user and same computer tries to watch a video that may be embedded, redirected or even…

Hello to who might concern the following. The issue : build in windows 10 mail client not synchronizing when HTTPS Scan And Decrypt is active ( certificates are installed on the endpoints ). And Google Music Manager ( windows 10 ) not connecting to…