Hi, I've got the following case: HA XGS3300 Three WAN connectinons P2 ISP 1 P4 ISP 1 P6 ISP 2 P2 and P4 are BGP. P6 is stand alone. All internet connections are working. When configuring SNAT and or SD-WAN all traffic for WAN is over…

How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.

We're discovering a strange issue with HTTPS decryption and ChatGPT in all browsers we use. ChatGPT is unusable when we're logged in with the ChatGPT-licensed Microsoft Account. Any chat request generates this or similar errors: On the of SFOS 20…

I have XGS 116 with 20.0.1 MR-1-Build342. Using a MAC computer, gets the "File Import Error" error when connecting to VPN using Sophos Connect, the same config file is processed on the device with the windows operating system and it works smoothly.…

Hi Sophos Geeks! I'm having a problem accessing my WEB Application using Public IP in my local network but working if I'm accessing it externally. I already configured the DNAT policy Source zone in Any Zone but still no lock. Currently my version…

Hello, I've added a DHCP-Server for an interface on my XG. The interface is an RED-VLAN-Interface and ping from the switch is working. An Accesspoint connected to the switch did not get an IP-Adresse. Today we found out, that we have the same problem…

I have a template that is failing to apply to ONE firewall. It applies to the other SIX firewalls without any problems. Ok. Great. Let's go see what the issue is. So I click "retry" and it just fails again. Anyone know how can I find…

Heartbeat is always a bit tricky here. As we have several rules with block clients with no HB, the impact off technical heartbeat issues is always high. Endpoints have the latest official Client versions from Central. Currently 2024.2.3.4.0 For…

Currently I have some trouble providing Firewall access to some load balanced CDN services on Akamai Servers, where the corresponding DNS names have short TTL's when using wildcard FQDN like *.docusign.net when the URL accesses will be demo.docusign.net…

Hello World, I have to Internet gateways from my ISP as part of a package deal. I would like to use one internet gateway as my production traffic and the other gateway as my lab traffic. None of the resources behind need to talk to each other. I just…

After a Reboot, we cannot query our XGS SFOS 20.0.1 with SNMP anymore due to errors with the snmpd service. Before the reboot it was fine. snmpd is running. saving the config again via Webadmin does not fix the issue, it restarts with the same errors…

I need some help to understand why this firewalls IPv6 gateway is constantly reported as failed. It's XGS126 with SFOS 20.0.1 Because of that Gateway errors I reconfigured it from being an active gateway to a backup failover gateway only. I have…

Good morning. I have several XG/XGS of different clients configured with IPSEC against the same central, this central uses a CISCO firewall (we do not manage it). The problem we have is that every 30 minutes we receive an email from all the XG/XGS indicating…

Hi guys, I'm trying to create a DNAT rule that uses the ISP from Firewall A for a host that is on Firewall B. The communication between these firewalls is done via SDWAN VPN When testing the NAT, I identified in the packet capture that the traffic is…

Afternoon I have a customer failing PCI DSS with the below. obviously all address the application ports, but how do I get on with the exposed SSL VPN ? (port 444) router = XGS2100 (SFOS 20.0.1 MR-1-Build342) any pointers please?

My Sophos FW XGS2300 port forwording not working for a new port in the past 7days ago, the older port forwording still work normal. Please help me how to check and troubleshoot about this problem. My NAT and rule as pic below. Many thanks for support…

Sophos XGS (SFOS 20.0.1 MR-1-Build342) Is it possible to know the total time user has been connected to the vpn as I can only get the authentication and data transferred.

Hallo liebe Community, ich würde sehr gerne einmal meinen Einsatz beim Kunden Vorort beschreiben, von Samstag den 10.08.2024. Der Kunde hat wie oben im Titel zu sehen zwei Sophos 136 im HA, der besagte Kunde hat neue Gebäude gekauft in der nähe seiner…

When users have homedrives in Active Directory they fail to mount as network drive when the firewall rule to the sharing server has user authentication required. Also the login of the users is taking minutes, not seconds. This is because the user is not…

I have configured Remote Access VPN - IPSEC and I am able to establish a connection via the Sophos Connect app. However, I am unable to talk to any LAN devices connected to the Sophos XG 125W. Here are my configuration settings: 1. Remote Client…

Hello, I refer to RE: DHCP Static IP mapping for same client multiple networks? With the update from SFOS 20.0.0 GA-Build222 to SFOS 20.0.1 MR-1-Build342 the Sophos system dhcp conf-generation-method has been set to old again: console> system…

Using XGS with SFOS 20.0.1 during packet capture on the Web GUI I noticed that traffic of user A was shown as traffic of user B with the correct source/destination IPs. At the same time the firewall logs were showing User A correctly. Is this a known…

Hi there, we have a /64 subnet (with gateway) and a /56 assigned by the ISP. No PD in place. I've assigned an address from the /64 subnet together with the gateway to the WAN interface, which is now reachable via IPv6. I'd like to assign IPv6 Addresses…

We have a Sophos XG135 firewall running SFOS 20.0.1 MR-1-Build342). We have a cloud 8x8 VOIP phone soultion which is having intermittant audio issues. We have been asked to run their network diagnostic tool which is reporting back UDP port 443 outbound…

Hi Experts. I'm willing to know if It is possible to change SSH default port to other than port 22 (port range available is 1:65535). The reason is to increase security on SSH access. In Sophos UTM Firewall this change is very simple to do (Management…