We have a ongoing issue with Sophos Connect 2.0 and IPSec VPN connections where DNS resolution is extremely slow at first and sometimes never resolves itself. For example a user connects to the VPN and then tries to open a network drive then gets a error…

Hi, We have the Sophos XG and XGS UTMs behind an other firewall (not controlled by us). However the admin of that other firewall complains about a lot of DNS traffic coming from our Sophos. we tried dropping any DNS traffic from within the Sophos and…

Hello all I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targetted for WAN gets redirected to internal servers. Can anyone suggest how that can be achieved? Thanks A

We have moved over a customer from SSL vpn to IPSEC connect client vpn but now when they use the built in VPN on an Apple iphone it looks like they arent receiving the DNS server IP that is specified in the IPSEC remote access section on the Sophos XG…

I have my XG106 with v19 GA behind my XG125 with v18.5.2 MR2 for home testing. The only thing connected to the XG106 is the WAN link which feeds into a port on the XG125. The strange thing is I see in the XG125 logs is that the XG106 is making multiple…

Looking to have a sophos firewall at an edge site perform a DNS rewrite as it sees the request come through for specific non-owned remote sites. Can this be done? I've done this previously on the Check Point platform, but am not finding a specific place…

Short version: is there a way to propagate mDNS/DNS-SD advertising from one subnet/zone/vlan to another? Long version: (notes added at end 10/5/22) Running own hardware with SPOS 18.0.6 Build 655. I wish to segment my network, with some “dodgier…

We are seeing a lot of timed out DNS requests when using Quad9 as DNS provider. Timeout does not happen when we use Quad9 directly on windows/linux hosts but only when we use it trough Sophos XG FW. Is the DNS query timeout set so aggressive on XG…

Hi, ich bin neu in der Sophos Welt und habe bisher folgende Config aufgesetzt: Sophos Firewall Model: XGS126 mit diversen APX 120 Access points. Das ISP Signal kommt von Vodafone Kabel Deutschland über eine Fritzbox 6660 im Bridge mode. Das Signal…

Running XG 18.0.6 on my own hardware. Short version: How do you log activity of: a) DNAT rule which diverts DNS to the Sophos LAN Port b) The DNS service itself I can do some packet capture, but the logging tool seems to ignore a DNAT rule terminating…

HI Well were finally on out migration fromUTM to XG. First thing I;m got a question is the availabity groups on XG. Any way you can replicate the availability group functionality on XG?

Hello everyone, I'm pretty new to Sophos and have recently run into this problem. My setup is all in VMWare: The Sophos machine is bridged directly to the internet (WAN) and it's also connected with a Windows 10 Virtual Machine (LAN) So I expect the Windows…

Hi! I've installed the client of the SSL VPN. The connection works, but the DNS ip that the Sophos (XG 125) is releasing is fec0:0:0:ffff::1%1 . Under Network -> DNS I've selected Choose IPv4 DNS server over IPv6 . I can ping Internet DNSs, but not internal…

Hi, If I have multiple addresses listed under a dns entry, does this act like the failover group on the UTM or a round robin DNS? The documentation makes no mention of the implications of having more than one address listed for an entry. I'm setting…

Hi there, Sophsos Connect v2.1.20.0309 + SophosXG 18.5.2 + Windows 10 1809 After a certain time the name resolution does not work anymore, only "nslookup". Restarting the device, this works again for a certain time. There are some problems with "sophos…

Hi everybody, I have been using Sophos XG 135 for now 2 years. But i have juste noticed that from office (behind sophos firewall) we are unable to access this website bellow. - Web site: https://e-impots.gouv.ci/ - Error message : " Ce site…

Is there a way to make a dns request route apply to all sub-domains? Example: dns request route for domain.com would also apply to sub.domain.com and sub.sub.domain.com

Hi All, We have a ipsec tunnel from the Branch office to the Head office. We used this KB ( https://support.sophos.com/support/s/article/KB-000035798?language=en_US ) to route traffic from a specific subnet at the branch office to the WAN of the Head…

Hello, we have simple setup with our network. Now we added vlans for our wifi. (multiple, one for guest , notebooks, smartphones) If i get it correct it would be much safer of security point to let the Sophos XG getting all dns request right?…

Hi everyone, I'm a long time UTM user that just made the cut over to Sophos Firewall and I've got one nagging issue that I can't figure out. The first time a user goes to browse a web page, there is a delay of 10-15 seconds or so. Once you get past that…

Hello guys! Long time UTM user, absolute newbie when it comes to XG..Anyway.. I need one specific thing. I have 3 dynamic dns hostanames. And one internal webserver. e.g. 10.10.10.1 I need to use WAF and redirect first.dyndns.com to 10.10.10.1 …

Hi! I installed Sophos XG VM in my home and I'm testing it and probably will use it for my home net and lab. Sophos runs as a VM on my homelab server. I have 2 ubnets there: 1. 192.168.1.0/24 - called Outside wih FW WAN interface attached to it…

Hi, noticed this behavior: - XG configured for 3 DNS servers - on upstream device only those 3 DNS servers are allowed for XG - occasionally XG sends DNS request to many other DNS servers and these are denied by upstream device - issue on 18.5.1 and…

Couldn't delete the post, so am editing it. I figured out how to add the XGS as the DNS server: in DHCP, uncheck the box to use the DNS settings and set the interface IP as the DNS server.

Is it possible to setup 2 groups for SSL VPN where each group has its own DNS settings? I have 2 AD domains on my LAN and want to have clients for AD1 get the AD1 DNS servers and the AD2 clients get AD2 DNS servers. Thanks.