Hello, I found this discussion : https://community.sophos.com/sophos-xg-firewall/f/discussions/129553/ssl-inspection-microsoft-stream-server-did-not-respond-to-client-hello but this does not give answer for question what message "Server did not respond…

Hi, facebook site is broken when TLS scan is enabled. The weird thing is, its only in firefox, edge works fine. Do you have a hint for me?

Hello Community, I have a problem with Microsoft Stream if SSL Inspection in enabled. Some streams won't start. If I look into the SSL Log, I see the error message " Server did not respond to client hello " for host streameuwe1su051.azureedge.net. I…

In XGS series, SSL/TLS inspection throughput has increased significantly compared to XG series. I guess the inspection is processed not by NPU (Xstream processor) but by CPU and I'm interested in how it was possible to achieve such a significant performance…

Until recently we were using a self-signed certificate for SMTP email connections on our mail server. Yesterday we changed to a Letsencrypt certificate and started getting delivery failures to some but not all recipients. When we looked at our mail…

Hello, Our office has a XG330 - SFOS 18.0.5 MR-5-Build586. For the past few weeks, both on our WiFi and wired connections we are seeing high percentages of Packet loss (frequently over 50%) on receiving video/audio/screen shares. When I look at the…

Hello I'm wondering how Sophos XG validates the certificate chain (web surfing ssl inspection). We use web policies with "block invalid certificates" on a new installed sophos XG for a customer. Normally, we don't see a lot of blocked websites due to…

Hello Community, I have a problem with WebEx and SSL Inspection. I build a SSL Inspection Exception for "webex.com" and in the SSL Inspection Log I see the traffic to webex.com and the Subdomain as "Do not decrypt". If SSL Inspection enabled the User…

Hello Community, I have an interesting problem with an HP Pro 477dw printer and sending email via Office 365. When SSL Inspection is turned on on the firewall, it takes about 5 minutes for mail to be sent via smtp.office365.com (port 587 SSL/TLS). SSL…

Hi, I try to get anydesk running with TLS Inspection. I´ve read this post: https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning I created a IP List with all the anydesk Servers…

XGS on 18.5.0. I'm looking at my Firewall rules and I have one that covers HTTP and HTTPS. This rule show 6GB in and 1GB out over a period of time. I also look at my TLS Inspection Rules and I have one that also covers HTTP and HTTPS. This rule shows…

Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. ______________________________________________________________________________________________________________________________________…

Boa tarde; estou com o seguinte problema: Sophos permite a conexão porém ele perde a conexão em seguida impedindo que o site abra para os usuários internos mesmo quando não há nenhuma política aplicada ao computador interno Identifiquei erro de…

Hi, i've enabled SSL/TLS Inspection with cert installed on PCs but i'm still getting SSL/TLS errors

Hi There, I'm not sure when it started but on a Mac if I'm using the Mail app or the Outlook app and try to add a Yahoo IMAP account the XG Firewall is not allowing it to connect using SSL 993 and I can't see why, it is the DPI engine that is responsible…

LogMeIn client opens but fails to connect to clients when XG SSL/TLS inspection is on. I've tried changing most of the inspection settings without success. The default exclusions for TLS decryption include logmein.com etc but have no effect. The only…

i am having trouble allowing access to Microsoft store via the app in windows 10, i hav e managed to narrow it down to the below error SSL/TLS inspection 2021-02-15 11:43:39 Error 19017 1 …

Ever since updating to v18 MR-4, I'm having issues with the Ring app on iOS with SSL/TLS Inspection enabled. In previous XG builds, I was not experiencing this issue with the same settings I have now. SSL/TLS inspection is enabled with an associated…

Hello, I have been slowly making everything work with SSL/TLS inspection. Trying to get as much as possible inspected and adding exclusions for things that I have not been able to find how to fix. But I got to an impasse with two applications…

Dear all, i'm running a XG (SFOS 18.0.3 MR-3) and have figured out that if i have SSL/TLS engine enabled the Apple continuity does not work - in the beginning i thought something is blocked by web rules or application filters - no it is definitiv the…

Hej, I have the following problem: on certain pages the SSL/TLS inspection is effective although the filtering is not active in the firewall. This affects both the new XStream filtering and the filtering via the web proxy. A HTTPS connection cannot…

Hi all, after going from decrypting HTTPS traffic by proxy to the dpi engine my download performance dropped massivly. I am on a SG 230 hardware where the XG 18 MR3 is installed on. Taking the same side downloading an ISO file via HTTPS with proxy…

Hello everyone, I would like to know if there will be regex support, or even wildcard support for URL Groups or Categories in Sophos XG. Currently It's only possible to use those in Exceptions. I'm asking this because currently It isn't possible to…

Hello everyone, I would like to know if Groups support for SSL/TLS Inspection Rules is on the roadmap, which should work in the same way of the groups support for the firewall rules. Thanks!