Hello, everyone. I created a DNAT rule. I receive the communication on the local interface at the SFW's IP address on the LAN and translate it to another destination that is remote on the VPN. I force a SNAT with the SFW's IP address that is assigned…

Guten Morgen! Kurze Frage, wir haben vor kurzem unsere XG durch eine XGS ersetzt. So weit so gut. Wir haben noch ein paar AP55, die ja nicht mehr von der XGS unterstutzt werden. Jetzt kam mir die Idee, die alte XG als Basis Firewall und WLAN Controller…

Hello, we have a problem which with the routing over VPN. A user is connected to SSL VPN with the XGS. The XGS has a site to site IPsec VPN connection to resources in the cloud. A request from the user's client using SSL VPN for resources in the…

Hello everybody! Right now I have the situation where I want to have multiple public Servers behind a sophos virtual firewall. For the Sophos i have a seperate public IP. I have a public IP Subnet for the servers that is routed via the public IP of…

Hi there, we have a /64 subnet (with gateway) and a /56 assigned by the ISP. No PD in place. I've assigned an address from the /64 subnet together with the gateway to the WAN interface, which is now reachable via IPv6. I'd like to assign IPv6 Addresses…

Hello, I'm not an expert (for the moment) on Sophos. For a customer that has an XG Firewall, he asked to configure a SSL VPN connection. As I already done this some years ago on a privous Sophos Router, it should be possible ;-) But the LAN/WAN…

Hello Team, I've successfully configured the Sophos XGS in my security account and routed internal traffic via the Sophos LAN ENI instead of using a NAT gateway, which is functioning well. Now, I have another workload VPC in a separate account that…

1. We have a 2 XGS connected via a private ISP fiber and the interfaces are LAN / GIG. 2. For resiliency we have a IPsec Tunnel interface between the same, using a disparate ISPs at each location VPN/GIG. We have been using OSPF for all of our routing…

Servus zusammen, ich bin gerade dabei, eine Sophos SG230 auf eine XGS2300 zu migrieren. Auf der SG230 hatte ich eine Gateway-Route konfiguriert, bei der diverse Zielnetzwerke in einer Netzwerkgruppe zusammengefasst und zu einem Core-Switch geroutet…

Hello Sophos, today we received the information, that FRR has new CVEs: CVE-2024-31948 CVE-2024-31949 CVE-2024-31950 CVE-2024-31951 All versions <= 9.1 are affected, including version 8.4.2 on the Sophos firewalls. When will the update be provided…

Hi, Two locations are connected with MPLS. Both locations have Sophos devices. In both locations, the servers and PCs behind sophos can ping each other and access each other. However, when we ping or trace the same ip addresses in the diagnostics…

Hi Team, I have created a network on layer 3 with a point to point connection from port 3 of my network to the layer 3, which ideally hold my internal network VLANS & devices. on port 3 i have the one IP, and on the switch i have another ip (point…

i have two vnets in resource group. vnet1 network address is 192.168.0.0/16. Wan subnet is 192.168.100.0/24 Lan subnet is 192.168.200.0/24 Sopho Xg firewall is deploy in this subnet. Wan portB interface ip address is 192.168.100.4/24 and Lan portA…

Hallo zusammen, ich bekomme keine E-Mail Benachrichtigungen von der XGS, weil meine Externe IP in einer geblacklisteten ISP Range ist. Als Workaround möchte ich die E-Mail Notifications von der XGS über den IPsec Tunnel an meinen Lokalen Exchange…

Hi, I have been trying to implement SMTP routing for inbound and outbound SMTP traffic over a GRE tunnel. I have another thread about this but I am having some trouble with the source of inbound SMTP traffic, becoming the destination? (screenshot below…

Hello, I work on 2 Sophos XG on 2 different sites. They communicate with each other using a Site-to-Site IPSec VPN. Site A : Sophos-XGS 33100 (SFOS 19.5.3) Site B : Sophos-XG 330 (SFOS 19.5.3) 3 subnets of Sophos A are configured to be able…

Hallo zusammen, wir würden gerne die UTM mit der XG austauschen. Da wir auf dem UTM eine Gateway-Route statisch definiert haben, stellt sich uns nun die Frage, wie und wo ist das auf der XG möglich? Vielen Dank für die Hilfe.

Hi We are pulling our hair out slightly trying to get a SD-WAN deployment to play ball and have so far spent over 10 hours on the phone to support so far without them being able to explain why this traffic is doing what it is. The scenario is a 9…

Hello, I have a problem. I want to allow the internet to go to all branch offices through the XG firewall at the head office. The other branch office has a Sophos firewall, Currently, I have centralized internet connectivity at the HO as well…

Hi, We have an issue that I need to resolve and I am unsure of how to get this to work. Scenario: 2 schools need to connect their networks via a backbone provided by Virgin. The backbone provided has a Cisco firewall at each end. School 1 has an…

Hello, How can i configure a routing for this scenario? I tried some configurations but i´m not having any success. Trying to configure sophos and wireless apx to work in different networks. I´m connecting via wireless to APX320 and getting…

We have a banking customer with Sophos deployment and the network looks like below: Firewalls: XGS 87 (12nos), XGS 107 (2nos), XGS on AWS (1nos) Network: XGS 107 is deployed at DC and HO AWS hosts their software and has a Sophos deployed there…

My other other end BGP peer advertises a lot of network, including my side local network. I want my end device to exclude one network from learning (like 192.168.2.0/24). Are there any BGP commands for this.

Hi, maybe a dumb question but what does the command really do? Maybe it is because of my special setup with the BO firewall tunneling all traffic to the HO firewall. But as far as I understood the - very well hidden - comparison whenever I want to do…

Hello, I have 2 branch offices that are connected to the head office via VPN , now I want to connect these 2 offices to each other using the head office as a forward node, is that possible? if so please explain how PS: The branch offices don't have…