We just had a PCI compliance scan and we failed because HTST wasn't enabled. Looking through everything HTST is enabled on all of our Web Server Protection rules including the default one. The PCI scanning company said the server replying is using apache…

Hi all! I hope this is just a small question and easy to answer. We have a XGS 2300 with SFOS v20 deployed and we use it as our snmp proxy. We get a lot of mails from "spameri @ tiscali.it" which are rightfully rejected. Now, I would like to set up…

Hi all, I have multiple Domains mananged in my LAN. Sophos XGS3300 protects that mails. Now I want only one internal domain to use a smarthost for outgoing mail. All other domains should proceed directly via MX. How to manage that? Mail Policies…

Hello together, i have the issue that some Websites like https://www.mediamarkt.de , https://www.poco.de , https://moemax.de are disconnecting the TCP Stream when our Sophos Firewall is running TLS Decryption against them. Once the TLS Decryption…

Hi there, I have a single static public IP that I'm using for SSL VPN incoming connections and for exposing a host (PBX) along with the following services: 80, 443, 5060, 5061, and RTP range 9999-15000. The PBX manufacturer provides a DNS service…

I'm getting an error on a URL with WAF for Static URL Hardening. I've added an exception but still getting the same error. What am I missing?

Hi community Please i have this issue for our customers, we migrated from UTM9 under SG135 series to new series XGS136W before we start you can find current configuration. Appliance are connected to ISP Modem (Router) via port 2(WAN) Port 1…

Hello, I am experiencing an issue with the Sophos XGS firewall on the latest firmware. The issue is with the Email application; specifically, incoming mail from the MailGun service is marked as b ounce+7bbc1d.e9c62-admin=acme.com . It happens that…

Can anyone help figure out what to let through the web filter to get the onvue proctored exam streaming software to work through an XG210? On the test connection it is failing everytime on the video streaming check. When I look in the firewall logs…

Hello, as from here I can configure "Require sender email domains" to enforce TLS negotiation ( whitelisting ). Beside this I can configure "Skip TLS negotiation" ( blacklisting ). For compliance and legal reason I need to configure TLS negotiation…

Hi folks, a while ago I had issues with SASI not logging all iMaps traffic. The issue has been partially resolved by changing firewall mail rules. A new issue is I receive over 1000 spam messages a day from the same sites via the mail post office…

Hi, I would like to setup a Webserver protection using the WebServer and HTTPS to the Sophos FW, but behind the Firewal, I want to use HTTP. Could anyone tell me how to setup that? I can see how to setup for HTTPS, but I am not sure how to send it using…

This is partly a question, partly a what's other peoples experience with this Doing some heavy speedtest loads on an XGS136 and an XG 135 and while both units with TLS inspection on will do 800mbps+ on the download they will only do 190mbps(XGS136)…

I'm trying to test the web filter with a content filter and am experiencing unexpected behavior. I've created a blocked terms list with the following term: and uploaded it to a content filter called blocked_terms. I've also set up a web filter policy…

Hallo everyone, I am facing with an issue in sophos XG with web server protection. I have created a WAF rule and redirect my alias ip to my webserver through HTTPS 443 select my certificate *company.com and add my webserver host my company.com but…

Hi all, So we have Sophos XG Firewall as well as the Sophos endpoint client for A/V, web filter etc etc... The issue I am having is that we have more detailed filtering at the firewall level so no issues when users are connected to the work network…

I am currently facing issue with the host-based relay on our Sophos XGS 3300 firewall. As per our configuration, I have allowed specific hosts to send emails, while denying access to other hosts. However, it has come to my notice that some denied hosts…

Hallo, ich bin auf der Suche nach einer Möglichkeit um bestimmte Absender von der Quarantäne auszunehmen. Mir wurde von unserem Servicedienstleister mitgeteilt das ginge nur über [Release & Report] Das kann doch aber nicht sein das wir hier selbst…

Hallo, ich habe mit einer Sophos XGS 2100 im HA ein Problem mit der SSL / TLS Encryption. Wir benutzen das Programm SFIRM, welches Probleme mit der Encryption hat. Ich habe dementsprechend Kontakt mit dem Sparkassen-Support aufgenommen und die…

hello, How does a computer behave when it is in the firewall network but is also supposed to use and utilize various web policies via Sophos Endpoint Protection? The firewall also has a web filter that has been rolled out to different users and PCs…

Dear All, I am facing with a Problem in sophos xg web server Protection, I have created all needed ruls and upload the ssl certificat to xg but in web application rule under the Host server when I select the HTTPS in the dropdaown menu I dont see me…

So i know this topic has been discussed before but no one puts in a complete answer so going to ask it again. After enabling Exchang enhanced protection OWA externall breaks. I know this is due to the SSL offloading as this is mentioned in several posts…

Prezados, utilizamos o Sophos XG 135, com ultimo firmware aplicado. Estou tendo problemas ao atutenticar nos sites do gov.br Como exemplo a URL: https://sso.acesso.gov.br/login?client_id=www.gov.br&authorization_id=18d47433c8d Recebo aviso de…

Hello, I'm trying to configure SMTP on Sophos Firewall ( SFOS 20.0.0 GA-Build222) : everything is running smoothly in IPv4, but Firewall is blocking outgoing IPv6 SMTP traffic : I tried to define all kinds of (IPv6) rules to allow this traffic…

Hello, I have a problem with our Firewall. We have a service Provider who takes care of our website, which is hosted by them. When they do any changes on the website, I cannot see these changes while connected to the internet through our firewall. If…