• SSL VPN Route Issues to VPN Clients Firmware 20.0.2 MR2, and Version 21

    Cameron Savage1
    Cameron Savage1
    This problem is occurring on Sophos Firmware 20.0.2 MR-2-Build378 as well as SFOS 21.0.0 GA-Build169. The problem also occurs on an XG with a firmware of 20.0.2 MR-2. Route Precedense has been set the following ways: static vpn sdwan | vpn static sdwan…
    • 3 days ago
    • Sophos Firewall
    • Discussions
  • SFOS 21 Third-party threat feed limits

    mierwins
    mierwins
    What's the limiting factor on the third party threat feeds? I current have 617,819 total IOC's in a v21 system running on a VM (software) and when trying to load another list here: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/tif…
    • 5 days ago
    • Sophos Firewall
    • Discussions
  • Hilfe bei VLAN-Konfiguration mit UniFi Switch und Sophos XG

    initB10r
    initB10r
    Hallo zusammen, ich richte aktuell für mein berufliches Umfeld ein separates VLAN ein und stoße dabei auf ein paar Herausforderungen. Meine Konfiguration: Hardware: UniFi Switch USW-24-POE Sophos XG Firewall Netzwerk: LAN …
    • 6 days ago
    • Sophos Firewall
    • German Forum
  • Workaround for Sony Playstation behind XGS? Could not associate packet to any connection.

    LHerzog
    LHerzog
    An XGS 136 v20.0.2 has a Playstation on the LAN zone. The LAN zone has unlimited Internet Access but IPS is active and DPI is monitoring outgoing connections but is not decrypting anything. This playstation was first run today and it started with…
    • 7 days ago
    • Sophos Firewall
    • Discussions
  • Sophos 115 REV2 with XG Home license and PPoE DS-Lite?

    Robert Schaller
    Robert Schaller
    My setup is as follows: I have a 1&1 VDSL250 connection with DS-Lite. At the entry point, I want to install a modem directly (ZTE H186), which also establishes a link to the provider. On the Sophos firewall, I enter the PPPoE login credentials. According…
    • Answered
    • 7 days ago
    • Sophos Firewall
    • Discussions
  • Sip from one internal zone to another

    Michael Pousen
    Michael Pousen
    We have our telephones in their own network zone - the Phone. I would like to have have a few mobile devices in a different zone with a sip client be able to access the pbx. Created a rule to allow udp 5060, what our pbx is setup to use for sip, and yet…
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • How can I prevent OSPF from distributing WAN subnet

    Bill Roland
    Bill Roland
    Hi all, I have an XG firewall (v21) that I would like to use OSPF to distribute a couple of routes to my main network which is also using OSPF. I configured it and it is passing routes but it is also passing the subnet for the WAN interface, which I…
    • Answered
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • Guidance on Traffic Shaping and QoS Configuration in Sophos Firewall Home Edition

    Kramnai
    Kramnai
    Hello As I am gradually migrating from MikroTik to Sophos Firewall Home Edition at home due to its more advanced security features, I have some clarifications regarding traffic shaping. Current Setup: I am using a Multi-WAN configuration where…
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • cannot ping from sophos device

    Charlie Dodd
    Charlie Dodd
    Hi I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (eg ping using an IP in my networks) I logged into the console of the Sophos device and got…
    • 14 days ago
    • Sophos Firewall
    • Discussions
  • IPv6 Problem hinter Fritzbox / Internet nur mit NAT

    renehoehle
    renehoehle
    Ich versuche nun schon seit einigen Stunden ein Problem zu fixen. Ich habe von meinem Provider ein /56 Prefix bekommen, was an der Fritzbox anliegt. Nun habe ich das Problem, dass ich per SLAAC intern die IPs verteilt habe, was auch funktioniert hat…
    • Answered
    • 15 days ago
    • Sophos Firewall
    • German Forum
  • BLOCK VPN ON WEB AND MOBILE

    Mohamed Arbaaz
    Mohamed Arbaaz
    HI I have a firewal with firewall rules to block social restriction both on web and mobile but the challenge is that users have dowloaded vpn on there phone are able to bypass the policies and have full access
    • 15 days ago
    • Sophos Firewall
    • Discussions
  • DNS over Site-to-Site-VPN V21

    Wotan Wien
    Wotan Wien
    Hallo, ich habe zwei Sophos im Lab stehen und teste die Version 21. Die DNS- Einträge liegen auf der "Head office" Auf der "Branch office" ist eine DNS-Anfrageroute auf die "Head office" eingerichtet. Das funktioniert, seit Monaten auf der V20…
    • Answered
    • 18 days ago
    • Sophos Firewall
    • German Forum
  • DHCP lost to all devices except one vlan

    Reem Jalal Eddine
    Reem Jalal Eddine
    hi i previously posted a question on how to migrate trunk vlans from one port to another mew port for lag configuration. Once i did the transfer we lost connection with dhcp all clients cannot get ip address but once they get a static ip the communication…
    • 17 days ago
    • Sophos Firewall
    • Discussions
  • IPS problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow"

    Charlie Dodd
    Charlie Dodd
    Hi All, hope you can help. Ive recently been getting a lot of alerts with this as can be seen in the image below. searching with some of the IP addresses on greynoise it shows it as commonly seen and it is nothing to worry about. i have seen that…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • OneDrive Applicaton Signatures don't work as expected

    Sariyer Belediyesi
    Sariyer Belediyesi
    "OneDrive File Download" and "OneDrive File Upload" Application Signatures are not working as expected on Sophos XGS 6500(SFOS 19.5.4 MR-4-Build718). I need to separate the OneDrive web application rules into "Download" and "Upload". However, it does…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • DMZ Configuration

    Geoffrey Njoga
    Geoffrey Njoga
    Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • xg firewall rule for nvr

    SATPAL BHATIA
    SATPAL BHATIA
    Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS und interne DNS Auflösung

    Nico Martin1
    Nico Martin1
    Guten Morgen Leute mir ist aktuell an meiner Sophos v21 die auf einer SG 230 läuft aufgefallen das intern keine DNS Namensauflösungen intern funktionieren. Hier nutze ich verschiedene VLANs . Ich kann intern keine IPs oder Namen auflösen egal ob…
    • Answered
    • 21 days ago
    • Sophos Firewall
    • German Forum
  • Unable to access captive portal using Lets Encrypt certificate

    Tyler VanDorn
    Tyler VanDorn
    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
    • Answered
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • v21 Let's Encrypt Cert creation and renewal fails, whan NAT Rule for HTTP/HTTPS exists

    PCPCH
    PCPCH
    On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • SSL Medium Strength Cipher Suites Supported CBC mode Enabled

    Akash
    Akash
    How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection C2/Generic-A

    Edward Raja
    Edward Raja
    Hi , We are facing this issue. Any solution for this?
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • SFOS v21 - Windows DomainController connection to Clients behind RED recognized as Freegate Proxy

    Peter Riederer
    Peter Riederer
    Hey everyone, today i noticed our Windows DCs want to communicate with Windows Clients behind a RED Device, where SFOS is recognizing it as a Freegate Proxy Application and blocks it Src IP = Win DC Dst IP = Win Client behind RED Seems to be…
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall v21.0 GA - Kyber TLS (Edge/Chrome) connection reset error for transparent TLS decryption

    AIFS IT Support
    AIFS IT Support
    We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Classification query

    rfcat_vk
    rfcat_vk
    Hi folks, a question for those who can provide guidance and maybe even answer. The daily report shows various classifications for NTP type traffic. 1/. 2/. 3/. I was reviewing the hairpin NAT configurations and found there were some items…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
>