• force outgoing through the xfrm interface

    Gib GoDesk
    Gib GoDesk
    Hello, everyone. I created a DNAT rule. I receive the communication on the local interface at the SFW's IP address on the LAN and translate it to another destination that is remote on the VPN. I force a SNAT with the SFW's IP address that is assigned…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Assistance with Proxy Error Issue

    Raymar Croes
    Raymar Croes
    I hope this message finds you well. I am reaching out to request assistance with an issue I am encountering related to a proxy error with the sophos XG 330 (Fw1=SFOS 17.5.12 MR-1). I’ve noticed that when I try to connect to the web console, I receive…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Firewall Management - Firewalls - No firmware is available - Device is up to date

    Peter Riederer
    Peter Riederer
    Hey Folks, some of our XGS FWs have reported by mail, a new firmware update would be available for download/installation. Central instead isnt reporting anything, and still shows firewall is up to date. Even when i upload the firmware file manually…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • SSL VPN Fehler 17711

    TobiasSchubert
    TobiasSchubert
    Hallo, seit gestern bekommen Benutzer, welche nur auf der Sophos lokal angelegt sind folgenden Fehler: 17711 - User failed to login to SSLVPN through AD authentication mechanism because of wrong credentials. Warum sucht die Sophos nun plötzlich…
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • Multiple Email Addresses for local users on XGS firewall

    Luis Prunn
    Luis Prunn
    Hello community, I am currently working on a SG to XGS migration for one of our customers. The customer had a bunch of local firewall users. Many users have alias email addresses configured on the SG firewall. Unfortunately, I am not sure how…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • WAF - VServer config problem

    Shadow82
    Shadow82
    Hi! Recently I want to configure a VIP with SSL termination on my Sophos Firewall 20 running as a VM. I have the SSL cert imported (+CA - there was no Let's encrypt E5 CA so I added it). I want to start from something really simple - Outside LAN to…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Email Protection auto generated MTA Firewall Rule

    jtaylor
    jtaylor
    Hi, I can't seem to find a clear answer as to why the auto generated MTA firewall rule is needed. As I understand it, in MTA mode emails are being 'handled' by the firewall rather than just traffic passing through it, so access should be controlled by…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: SSL VPN - Profile Disappears When Switching User Session

    Raphael Alganes
    Raphael Alganes
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table Of Contents: Overview Steps to Reproduce Workaround…
    • 1 month ago
    • Sophos Firewall
    • Recommended Reads
  • Certificate for SSL VPN and Captive portal

    Mina Zaeri
    Mina Zaeri
    I received a message from SSL VPN and Captive portal about a certificate issue. I created a locally-signed certificate and installed it on the client’s machine, but the error related to the certificate still appears. Could you please advise on this?
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XGS-118 Internet Bandwidth Support

    UJay
    UJay
    Hi I am planning to migrate my XG-115 to XGS-118 in December 2024. Ability to fully utilise 1000 Mbps fiber internet connection is one of the deciding factors. Does anyone have tried this with XGS-118? If yes, what was the result?
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPsec server communication problem.

    Christian Garcia N
    Christian Garcia N
    Good morning. I am having problems with a server when accessing remote servers through an IPsec tunnel. SITE A has to access SITE B's servers and vice versa The problem is that for approximately a week one of the servers at SITE A (192.168.200…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos complete surveillance in the name of security?

    Martin Nowak
    Martin Nowak
    Hello there, I recently read an article about an operation that Sophos started back in 2020 with gathering telemetry data from it´s devices. This was probably the beginning of a massive surveillance that now have been presented by Sophos as "defensive…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • XG MTA to Office 365 Connector “Empty Certificate”

    AndersK
    AndersK
    I’m trying to move Office 365 connector authentication from IP-address to certificate. A Let’s Encrypt certificate has been created (on SFOS 21) and added to the SMTP TLS configuration under the Email > General tab. When changing the Office 365 connector…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • DHCP reservation

    RobertoR
    RobertoR
    I have a few subnets, and all of them have a dhcp server/pool range for specific range. A few of them have a IP reservation (bind mac to IP address). The error/strange behavior I get is if the MAC address is in list for reservation in any of the dhcp…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • VPN established but XFRM Gateway down on both sides

    Mayuresh Bhagwat
    Mayuresh Bhagwat
    This is an issue that I have seen with multiple customers. The VPN connection as Tunnel interface is established. The XFRM is configured to be non-overlapping in any sense with other IP subnets on the Firewall. Even then the gateway shows down. Here is…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • publish Exchange 2013 on XG

    CreateShare
    CreateShare
    Hi, We purchased WAF License to publish Exchange OWA, HTTPS. What is the proper way to publish on-premise Exchange 2013 on XG Firewall? Thanks.
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • SSL Medium Strength Cipher Suites Supported CBC mode Enabled

    Akash
    Akash
    How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • SSL VPN Sophos Mobile Connect; Automatic recconect after lost internet connection possible ?

    Stv_rse_24
    Stv_rse_24
    Hello everyone, I can not seem to find an answer to this question and hope that someone can clear this up. We are currently migrating from the old VPN Client (SG) to the new Sophos Mobile Connect Client (XGS). Both are using SSL VPN Config. …
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: SSL VPN - Remote Access Static IP with UDP Second Attempt Of Tunnel Fails

    Raphael Alganes
    Raphael Alganes
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents: Overview Configuration on Sophos Firewall…
    • 1 month ago
    • Sophos Firewall
    • Recommended Reads
  • Malware 'Unscannable' was detected and blocked in a download from acroipm2.adobe.com

    Maroun Moussallem
    Maroun Moussallem
    hello, The last two days, we've been receiving an http virus mail from sophos firewall with the following message, (Malware 'Unscannable' was detected and blocked in a download from acroipm2.adobe.com). what we had done so far, full scan launched…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • HA link zone?

    Quallensaft
    Quallensaft
    What's "best practice" regarding HA link network? - at the moment my HA link network (physical port / peer2peer) is zone DMZ -> not cool because SSH access for DMZ zone must be activated or HA will not work anymore -> SSH access from DMZ zone on all HA…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos MTA DKIM Verifizierung

    Patrick81
    Patrick81
    Schönen guten Morgen an euch alle! Ich kämpfe zur zeit bei dem ein oder anderen Kunden mit folgendem Thema. Es laden Mails in der Mail-Quarantäne, die laut Mail Protokoll abgelehnt wurde mit dem Grund DKIM Verifizierung fehl geschlagen. Wenn ich mir…
    • 1 month ago
    • Sophos Firewall
    • German Forum
  • Sophos XG Bridge. Mode, DHCP for VLAN takes Multiple Tries Before Getting an IP

    romaelz
    romaelz
    Hi. I've been battling this for days and finally decided to post it here and seek help. I've pfSense as the main router and Sophos XG is in bridge mode (for application filtering purposes). There's 1x VLAN involved. The DHCP works fine for the main…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • STAND ALONE FIREWALL TO HA

    SatyabrataB
    SatyabrataB
    Hi, we are using standalone firewall, recently we purchase one more firewall XGS3300 we want to put both firewall in HA i read some KB article what they suggest 1.existing firewall connect DMZ Zone port to new firewall 2.model version ports…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Unscannable content bug in XG?

    TimAlbertson
    TimAlbertson
    We have several XG firewalls reporting this. Other layers in the defense report nothing. Endpoints are a mix of Defender/Huntress and also Sophos MDR. All scans are clean. Anyone else seeing this particular alert regarding the FQDN from Adobe? Alert…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>