Hi, Has anyone got a configuration guide for implementing ZTNA for CIFS/SMB servers on-prem. Clients are Azure native Windows 11 and Mac devices. File servers are domain joined on-prem. XGS at the gateway, ZTNA client would be on the device…

Hello Community, here's the situation: Head Office (HO) : two WAN uplink connections, both have static IPs. One connection is 'cost based' and slower (backup WAN) and the other is quicker and has no traffic costs (primary WAN). Weights have been configured…

Good morning everyone. Since the function of a company depends on the LDAP query, I would consider it extremely important to receive a warning. If the LDAP query fails. The MTA then no longer checks users if the connection to LDAP is disturbed (it cannot…

Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…

Hello, is there an update on the topic of SRV entries via ZTNA? When will the workaround finally be implemented? We have used the workarounds and they work most of the time. Unfortunately, from time to time the SRV queries are not intercepted by the…

I have 200+ firewalls that have been out there for quite a well and I've found a few which still have PPTP enabled from a different era. Staggering. For some reason, PPTP isn't in Central Partner firewall templates so can't disable there. Can't disable…

TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

For firewall rules that allows access to a sensitive system (host) and where access is usually not required all the time, it would be nice to have a feature to enable them manually when needed but with a timer that disables the rule after 60 minutes or…

Hi, We have configured the SDWAN profiles for the WAN links and we are observing the pocket loss and latency on the particular link, Is there any way to get the notifications on these profiles over mail or SNMP ?

we are using email security and we miss some mails that sent to us for any reason the mail address is not correct for example wrong in spelling and so on ends up we miss that mails. What about if my organization wants to catch all emails and we don't…

Hello Sophos-Team, is this maybe in the works were we can have a Central - Content Filter Setting - for all Products. Because troubleshooting ATM is kind of meh... if you use all protections at once. Sophos Endpoint-Protection -> Sophos XGS Firewall…

Hi, I would like to block inbound emails by email domain extension in my SOPHOS FIREWALL, for example: .ru .cn Now i'm blocking by the complete domain (*@domain.extension), but i would like to block by domain extension. Thanks Nuno Mo…

Good Day, As I only found old posts about this subject, here is the question still at hand: Is changing the language of the Quarantine Digest Report Email a thing yet or not? (Or even better - Writing your own) This has been requested a few…

Hi all, any hints to configure mobile WAN as backup line? wired WAN is default but when line is down mobile WAN should jump in place. Mobile WAN must be turned on or not? WWAN Interface must be to automatic or manual? Thanks for help …

Hello Team, what would you recommend to handle known power loss on a reoccuring schedule? "Problem" is that this leads to alerts "Firewall has not contacted Sophos Central for the past 5 minutes". (Sophos Central setup) We have a Sophos firewall…

Hi, With growing rulesets on our XG, it t would be nice to have a GUI that visualize the connetions. I didnt see a feature, neither on the GUI nor in central, that can visualize the connected Points with services and source/destinations. Is there a…

Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.

Hey Folks, while deploying one XGS after another we noticed that Client-IPs in reports e.g. aren't resolved into DNS Names like on our SG/UTM Models. We created a DNS request route: 168.192.in-addr.arpa and domain.local pointing to the internal Windows…

Hey Dears, I have a Sophos firewall version 19, I want to ask if i can deauthenticate an Ip shown in DHCP leased list to force it to obtain new Ip or disconnect it immediately? Thanks

Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…

Hello, i reach out to all of you as we are in a really bad situation. We are hosting several customers with active directorys and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…

Dear community, As a firewall noob I am wondering how to integrate a dynamically changing list of IPs into an allowlist for a specific firewall rule. As a home user I unfortunately have no access to the "Web protection subscription", only "Base Firewall…

Hi, Besides the fact that there is a ticket open already: Is anyone here using S/MIME certs with public CA in Central Email and have customers receiving empty signed or encrypted meeting requests in their Outlooks due to the fact that these are Signed…

Hello everyone, Is there a way to find out if incoming / outgoing mails are being blocked in Sophos Central because the mailbox/mailaddress is missing? Unfortunately, I have not yet found a log / report for it. Is it maybe possible to get these logs…

Hi Is there a way to get a daily or weekly or monthly report about each mailbox how many mails sent and how many received? Thanx Shay