• Sip from one internal zone to another

    Michael Pousen
    Michael Pousen
    We have our telephones in their own network zone - the Phone. I would like to have have a few mobile devices in a different zone with a sip client be able to access the pbx. Created a rule to allow udp 5060, what our pbx is setup to use for sip, and yet…
    • 15 days ago
    • Sophos Firewall
    • Discussions
  • DMZ Configuration

    Geoffrey Njoga
    Geoffrey Njoga
    Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • xg firewall rule for nvr

    SATPAL BHATIA
    SATPAL BHATIA
    Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • v21 Let's Encrypt Cert creation and renewal fails, whan NAT Rule for HTTP/HTTPS exists

    PCPCH
    PCPCH
    On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Open port 123 for Ubiquiti NTP access

    MCBLC
    MCBLC
    Hi all, I have a XG135 firewall and several RED devices, I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTP…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Issue with Third-Party Threat Feed Not Blocking WAN to LAN Traffic

    Jurgens Steyn
    Jurgens Steyn
    Hi, I’m using a third-party threat feed with Sophos and under the impression that it should provide WAN to LAN protection. However, I’ve conducted a test and observed unexpected behavior. Here’s what I did: Created a custom text file list containing…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPv6 Country Block WAN to LAN strangeness

    Casual_User
    Casual_User
    Hello, Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/ I created a LAN to WAN rule to block access to a country and a WAN…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • External Partners Accessing DMZ

    Reem Jalal Eddine
    Reem Jalal Eddine
    Hello, Need your recommendations, we want to implement a SFTP server to exchange data from and to one of external partners. I am planning to add the server to DMZ group and just restrict FTP protocol to it. Create a NAT rule also i want to force the…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Allow external IP range and ports

    Bradley
    Bradley
    Hi all, We are having a few problems with our VOIP phones. I believe it may be to the firewall, but I not 100% sure. I need to allow an IP address range and some ports. I have created a firewall rule, but I cannot see that any traffic being logged…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS: DNAT Through Routed VPN

    FMXio
    FMXio
    Hello everyone, I am attempting to redirect all requests made to 192.168.10.5 to 172.16.10.5. The VPN is working properly on both sides. Sophos XGS: DNAT Through Routed VPN Details: #VPN Working 100% LOCAL-LAN: 192.168.10.0/24 (Sophos) REMOTE…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Email Protection auto generated MTA Firewall Rule

    jtaylor
    jtaylor
    Hi, I can't seem to find a clear answer as to why the auto generated MTA firewall rule is needed. As I understand it, in MTA mode emails are being 'handled' by the firewall rather than just traffic passing through it, so access should be controlled by…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XGS 3300 wrong Gateway

    Bart van der Horst
    Bart van der Horst
    Hi, I've got the following case: HA XGS3300 Three WAN connectinons P2 ISP 1 P4 ISP 1 P6 ISP 2 P2 and P4 are BGP. P6 is stand alone. All internet connections are working. When configuring SNAT and or SD-WAN all traffic for WAN is over…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Devices connected on wifi but with no internet connection

    Anesu Dangarembwa
    Anesu Dangarembwa
    Good day We are having a challenge, we have a firewall XGS 2100 , some devices that are connecting with wifi, they receive ip address from DHCP in the firewall, we have a firewall rule for the devices with Mac address, but the devices they are not receiving…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • question about blocking user AD Windows server through Sophos Firewall

    Alfredo Lodos
    Alfredo Lodos
    Good afternoon, I have a Sophos firewall that is integrated with a Windows Server Active Directory.Can a domain user be blocked from browsing the Internet through Sophos, but allow the computer they use to download and update the operating system, and…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XGS 107 und WLAN Call

    Jörg Schwarzrock
    Jörg Schwarzrock
    Hallo zusammen, ich habe eine XGS 107 bei einem Kunden laufen und dieser möchte nun auch WLAN Calls tätigen. Es sind seit längerem normale AVM 2400 APS hinter der XGS eingerichtet. Nun blockiert mir die XGS die WLAN Calls, AP probeweise direkt…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • rules

    Serkan Dağlı
    Serkan Dağlı
    1 Firewall 2024-10-26 14:10:51 Appliance Access Denied N/A 0 PortA1.10 10.10.1.3 10.10.1.255 137 …
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Red 20 General Internet Access

    QCHA ITSupport
    QCHA ITSupport
    Hi, We have a RED 20 device that we recently purchased as a test device before looking to set multiple up across different sites, however we have found that our organisation's manual proxy blocks any internet access to anything not included in the proxy…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Port Freigabe - Eingrenzung auf Herkunft?

    GG-Star
    GG-Star
    Hallo Zusammen, ich würde gerne in der Sophos XGS107 eine Portfreigabe für einen Telefoncloudanbieter einrichten. Welche Ports das sind, wird hier sehr gut beschrieben. https://www.easybell.de/hilfe/telefon-konfiguration/allgemein/firewall-fuer…
    • 2 months ago
    • Sophos Firewall
    • German Forum
  • Guest network on separate public IP

    jtaylor
    jtaylor
    We have a /29 subnet from our ISP. I want to use a dedicated public address for our guest network traffic. I've added an alias on the PPPoE port and thought I could then just use an SD-WAN rule to route the traffic, but the alias doesn't appear in the…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • snat multiple gateways

    midnightSun
    midnightSun
    SNAT with multiple WAN gateways isn't working.. WAN Gateway 1 = Port3 - its public with /27 worth of aliases WAN Gateway 2 = Port5 - its public with /28 worth of aliases (IP Host) SNAT with Port3 aliases work for all of the rules I've created…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Howto combine 'Match known users' and 'Block clients with no heartbeat'

    FFin
    FFin
    I could not figure out the details about traffic matching critera and further filtering within firewall rules. Can someone clarify what will happen if you select "Match known users" and "Block clients with no heartbeat"? Will the rule block no heartbeat…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • LoopBack NAT is not working upon accessing WEB Application Public IP in Local Network

    Nathaniel Patalod
    Nathaniel Patalod
    Hi Sophos Geeks! I'm having a problem accessing my WEB Application using Public IP in my local network but working if I'm accessing it externally. I already configured the DNAT policy Source zone in Any Zone but still no lock. Currently my version…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • FW-Rules not working to restrict VPN-Portal?

    bmu
    bmu
    Hi there, since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS): Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts I've tried to block all requests from…
    • Answered
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Loopback for Firewall in LAN (behind Home Router)

    kdoberitz
    kdoberitz
    Hi Sophos Community After a lot of trial and error I'm hoping you can help me finding a solution to my scenario: In my home setup I have my wan-interface of the sophos in a transit network. My ISP router forwards any traffic to the sophos. Now…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • XGS136 is blocking STAS traffic

    Daniel Zulian
    Daniel Zulian
    Hi everyone, I have some problems with the STAS service. The picture shows the topology: I have two locations, the HQ with an XG210, and the branch with XGS136. Both are connected through a VPN tunnel. The STAS server is in HQ location. The communication…
    • Answered
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
>