My setup is as follows:
I have a 1&1 VDSL250 connection with DS-Lite. At the entry point, I want to install a modem directly (ZTE H186), which also establishes a link to the provider. On the Sophos firewall, I enter the PPPoE login credentials. According…
We have our telephones in their own network zone - the Phone. I would like to have a few mobile devices in a different zone with a SIP client be able to access the PBX. Created a rule to allow UDP 5060, which our PBX is set up to use for SIP, and yet…
Hello
As I am gradually migrating from MikroTik to Sophos Firewall Home Edition at home due to its more advanced security features, I have some clarifications regarding traffic shaping.
Current Setup:
I am using a Multi-WAN configuration where…
Hi, I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (e.g. ping using an IP in my networks).
I logged into the console of the Sophos device and got…
I have been trying to fix a problem for several hours now. I received a /56 prefix from my provider, which is assigned to the Fritzbox.
Now I have the problem that I distributed the IPs internally via SLAAC, which also worked…
Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
On one of our XGS firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renew a Let's Encrypt cert.
We need to disable the NAT rule, then it works to create/renew the certificate.
But this can't be the…
We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receiving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
Hi folks,
a question for those who can provide guidance and maybe even answer.
The daily report shows various classifications for NTP type traffic.
I was reviewing the hairpin NAT configurations and found there were some items…
Hello,
I have a firewall with several interfaces through which requests are processed. A subdomain is routed to a specific interface, and requests on this interface are forwarded to a server in a DMZ.…
Hello,
we have a question because in the past we had problems with DNAT when configuring our two WAN links as active/passive.
As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…
Hello community,
We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…
On a Sophos firewall (e.g. XGS136) I can view the interface statistics via the CLI (command: show network interfaces).
In the output I notice that there are many dropped packets in the RX state (receive). (LAN interface)
Port1 Zonetype:LAN MAC Address…
Hello, I have a problem with mainly HTTPS connections showing up in the log as Invalid Traffic / Invalid TCP state. See screenshots below.
example domain is https://telekom.de
I have 2 Internet connections with separate NAT and SD-WAN routes. Routing…
Hi all,
I have an XG135 firewall and several RED devices. I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTP…
Dear all,
I am facing a problem that my WAN port is always showing RED and I could not ping the WAN gateway. At the same time, the same line with the same static IP address is working on my laptop / nearby desktop without any problem.
Kindly let…
Hello,
Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/
I created a LAN to WAN rule to block access to a country and a WAN…
Hi all,
I created a new alias interface but missed one digit, so the address doesn't belong to an existing interface configuration.
Now I can't delete that alias because it's not showing up in the GUI. Is there a way to get rid of that alias via console?
Hello,
Need your recommendations: we want to implement an SFTP server to exchange data from and to one of our external partners. I am planning to add the server to the DMZ group and just restrict FTP protocol to it. Create a NAT rule; also I want to force the…
I have a customer who has 4 Sophos Switches and 1 Sophos Firewall. He intends to connect them in a ring with Firewall as a Gateway. So here is the planned setup:
Sophos XGS Firewall as Gateway with 2 interfaces as bridge mode:
Port 1 Bridge Mode on…
Hi all,
We are having a few problems with our VoIP phones. I believe it may be due to the firewall, but I am not 100% sure.
I need to allow an IP address range and some ports.
I have created a firewall rule, but I cannot see any traffic being logged…
Hello everyone,
I am attempting to redirect all requests made to 192.168.10.5 to 172.16.10.5. The VPN is working properly on both sides.
Sophos XGS: DNAT Through Routed VPN
Details:
#VPN Working 100% LOCAL-LAN: 192.168.10.0/24 (Sophos) REMOTE…