Hi all, I have a HQ site and a branch site. There's a policy-based ipsec site2site connection established the sites. Branch site has SSLVPN(OpennVPN 10.81.255.0/24) server running and is used as default gateway. Branch site also has an internal…

Hello everyone, Sorry for being a noob here. I have the following network map layout: I use a dual-WAN bandwidth aggregation configuration rather than a failover one for most of the interfaces. However, I look forward to: Assign my TrueNAS server…

We have the following scenario: Sophos XG135 (SFOS 18.5.2 MR-2-Build380) Port 1 gateway to fibre internet Port 2 Gateway to VDSL Port 3 Gateway to LTE Port 4 LAN Clients Port 5 LAN Server Port 6 DMZ The XG connects multible IPSEC tunnels via Port…

Am I missing something here ? I've installed Debian 3cx and Gateway is Sophos XG (static ip and gateway set on network)... however even without Sophos running i can still get normal access to 3CX just fine, which proves despite setting static IP and…

Hello I have two sophos connect together. Sophos1 - switch - Sophos2 I have multiple VLANS between them. All vlans have owen subnet. Phisical interface has also owen subnet. I cant ping betwen vlan interface. Whatever i use. But Phisical interface…

Hi, I'm attempting to get WAN failover working across sites using OSPF (default information originate). The issue is with getting the local default route disabled in case the local Internet connection drops. Can you please let me know what is the correct…

Hi community, for reasons of simplification let´s assume that our XG450 ( SFOS 18.5.2 MR-2-Build380) has 4 ports configured: Port 1 - Zone WAN - IP 1.1.1.2/24 Gateway is 1.1.1.1 Additional Alias: 1.1.1.3/32 Port 2 - Zone DMZ1 - IP 2.2.2.1/24 used…

Hi Everybody. I am running SFOS 18.5.2 MR-2-Build380 on an Intel iCore 5 based PC as "Sophos XG Firewall" in connexion with an ASUS Router operating as Access Point and my ISP operator TV Box which is connected to Asus Router. As the "Sophos Firewall…

Hi all, we have recently replaced a customers firewall with two XGS 126 in active/passive cluster. During the implementation we experienced some issues we wanted to discuss here to find a solution, if possible. I already did some research in the Sophos…

Hi, I have Sophos XG330 and two BGP link configured in LAN Zone. Both link are active and working. I would like to configure failover/ Failback and set primary and secondary link. Does SD WAN Policy Routes help to achieve this ?? I have tried…

I have two Sophos XG Firewalls ( SFOS 18.5.1 MR-1-Build326) Both are managed by Sophos Central and I used the platform to create an SD-WAN between the two offices. I am trying to get the Branch Office XG to access the AD at Head Office in order…

Hi all, We recently switched from a UTM software install to a pair of XG3100s running in HA active/passive. Since the switch over we have had an issue with clients at our branch offices communicating with servers and devices on our LAN. Network…

I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…

So as of right now I have Sophos running on a r610 server with Proxmox and I am only using 2 of the 1 gig nic. My question is what's the best way for me to disable to home cable modem DHCP and force connected clients through Sophos. Would setting the…

Hey folks, I am trying to forward Apple Bonjour request from one VLAN to another VLAN. The scenario is the following: VLAN 10: Airplay devices (broadcasting) Wired clients VLAN 20: client devices (MACOS) WiFi clients The goal is to have…

We have an IKEv2 IPSec tunnel between two Sophos XG Firewall appliances in a corporate system for a remote site. We don't have any specialized MSS or MTU settings other than what the IPSec tunnel already applies. Our IPSec configuration profile for…

Hello, We have a clients-server based application, where the server is in a different vlan as the clients. The communication between both vlans is routed via SophosXG VLAN Interfaces. (XG430 / 18.5MR1) The GUI firewall rules are configured to…

Hey there! Simple (and maybe stupid) question: If I have a network like this: WAN | PPPoE Router (192.168.1.1) | (192.168.1.10) (Zone: WAN, Default gateway 192.168.1.1) Sophos XG (192.168.5.1) (Zone: LAN) | LAN (All IPs are with /24 subnet mask…

Hello community, Recently i was asked to migrate an existint configuration from a router to XG firewall and here is the scenario : an application running in my local server with the name : transmission.local.co IP@ is 192.168.62.11 DNS serve r…

Why does the XG210, for the purposes of configuring a static route, require a different Gateway IP address from the VLAN Interface IP address? Trying to get my head around to understanding this static routing thingy on the XG210.

Hi I am using Sophos XG115 as the firewall and i do have a layer 3 switch (Unifi 8 port POE 60W switch) which leverages VLANS created & tagged at XG115. Users in different VLANs want to connect to devices (e.g. Network Printer and Network Attached…

Hi, I am sure this is something that is really easy to fix but I seem to be having some issues with the IPsec (Remote Access) setup. I have followed a detailed setup guide and while I can connect OK, once connected I cannot seem to ping anything on…

I have a server at site B that has been relocated to site A. Workstations at site A are still pointing to what used to be the server's internal IP at site A, 2.2.2.2. I have built an IPSec tunnel interface between the two sites with respective static…

Hi, So i have the following Problem: On Site A i have a XG v18 with 2 WAN Interfaces, a client network (192.168.166.0/24) and a VoiP Network (192.168.168.0/24). WAN-1 is the default WAN and with SD-WAN routing all traffic coming from the VoiP Network…

This is hopefully a simple question... how does one undo the Asymmetric Routing commands as illustrated here: Avoid Asymmetric Routing in Cyberoam (sophos.com) Yeah, the article is for Cyberoam but applies to XG as well. Thanks in advance!