Hello everyone.
I have Sophos XG in my home. I created all the rules and activated all protections: IPS, ATP, SSL/TLS Decrypt etc. In the local TLS exclusion list I added Battle-net, Blizzard and other games I play. When SSL/TLS decrypt is on Diablo 2…
We are having something happen on our Firewall which we are implementing and can't quite get our head around it. We have traffic coming from some clients. HTTPS specifically. We have a rule which allows HTTPS traffic from the clients IP to the WAN with…
Hello,
I have problems with a few clients accessing some pages. An SSL_PROTOCOL_ERROR appears in the browser. In the log viewer, in the SSL/TLS inspection module, the error "Dropped due to TLS engine error: OUT_OF_MEMORY[201" appears. For some the error…
I can't print when Mac and Printer are connected through XG Firewall's bridge. Mac - XG br0 - Printer
I can print by disabling SSL/TLS engine. Or I can print by disabling IPv6.
IPPS (Internet Printing Protocol over TLS) is used for printing. When…
We're having a strange situation again after it happened last week already on our SFOS 19.0.1 XG430:
Some users browse to a website that has no exceptions on our firewall for decryption.
The browser (Firefox or Chrome) shows an error that the site…
I have an application, Parallels Access, that as part of its login process connects to different Parallels websites. I am getting the error "Blocked due to using client certificate" that then fails the connection, and I can't log in to the Parallels server…
Hi, I have an XG430, created a firewall rule and selected the following web filtering checks:
Block QUIC protocol; Scan HTTP and Decrypted HTTPS; Scan FTP for Malware; Decrypt HTTP during web proxy filtering.
SSL and TLS inspection is enabled when user…
Hello,
We have an XGS 136 firewall with SSL/TLS inspection enabled. All workstations have Logmein installed. The Sophos Firewall certificate is installed on the workstations as a trusted certificate in the local computer store. On XFS firewall I have created Logmein Local TLS…
Hello everyone,
I am brand new to Sophos. I have a home license version deployed in my home lab and am evaluating to see if I want to move my business over to Sophos from Fortinet. My issue is I don't think DPI is working. From everything I read, it…
Hi all
After a security pentest the following vulnerability has been discovered: Secure Sockets Layer/Transport Layer Security (SSL/TLS) Server supports Transport Layer Security (TLSv1.0) (1). The solution is to disable TLS1.0 and enable TLS1.2. Please…
Hi there, I'm struggling with a problem that I don't really understand. In the DMZ is SFTPGo App, which provides an FTPS server. From external (NAT) through port 21, TLS or unencrypted connection works. From internal, although test LAN DMZ to SV is set…
Hello there. I am using XG firewall home edition in my house. Some of the iOS apps are not available with SSL/TLS inspection enabled. When disabled, they can be used.
I checked LogViewer and in some cases it is Error and in other cases it is not Error…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Log Viewer
Firewall (Invalid…
Hi there,
I recently configured a new XGS3100 active/passive cluster with SFOS 19.5. Everything seemed to be fine, but as I wanted to configure the SSL/TLS inspection (I normally do this as one of the final steps) I realized, that there is missing something…
Hello community,
We have been facing strange behavior since we've updated our XGS4500 to SFOS 19.5.0 GA-Build197. Some websites are not fully accessible through IPSec Remote Access Tunnel (via Sophos Connect Client).
The first line of the above SSL…
I have Host A talking to Server B with 587 SMTP with STARTTLS
A uses only Ciphers that are not supported by B and B closes the connection after A sent the TLS Client Hello.
Now we have a firewall rule that has IPS enabled, nothing else:
The handshake…
Hello,
I installed the firmware yesterday. After that I was faced with the following issue:
In SSL Inspection I have 3 rules in the following order:
1. Exclusions by website
2. a rule with no decryption enabled from LAN with the Range of Smartphones…
Hey there,
We've got a weird issue with one application failing because it looks like the XG isn't forwarding the TLS packets appropriately on one link.
A: XG135 (SFOS 19.0.1 MR-1-Build365)
10.109.10.250
B: XG330 (SFOS 19.0.1 MR-1-Build365…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Adding Active Directory Certificate…
When I open links that are marked as ads in Google Search, I get a privacy error:
Your connection is not private.
Attackers might be trying to steal your information from 192.168.100.254 (for example, passwords…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
General settings:
IoT devices…
Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
During the webcast on November 14, 2019 there was the following…
Hello Community,
I have the problem with the Sophos Central Sync that a TLS rule does not want to be synchronized. I always get the following error message:
This error can be reproduced with complete every sync. For example, on a new firewall…
Hello,
At work I have a situation that Sophos Support has been unable to resolve.
We use Addigy as our RMM for Apple devices, to have remote connections it uses Splashtop.
We have not been able to add sufficient exceptions or maybe I am doing…
Hello Sophos Community,
I got a question about designing specific rules for applications that are very untransparent about how they handle SSL fingerprinting.
Example:
From: LAN Zone - From: Specific Host - With Application A (Application RULE 1) - To…