Hello Sophos Community Using the latest firmware as of today (SFOS 19.5.0 GA-Build197) on Sophos Firewall, installed as a virtual appliance in Proxmox 7.3-4. It's a home license, on 4 virtual CPUs (host), and 6GB memory. I'm using the official qcow2…

Hi, I tried to configure a WAF rule that is using Port 8090, but on save I get the error message, that port 8090 is already in use. This is the Captive Portal Port. Is there any way to change Captive Portal Port or is there any solution to use it…

Hi, i wish you all a happy new year, since we started using XGS2100 appliances with version SFOS 19.0.1 MR-1-Build365, have we noted some problem like Auto discover is blocked. i am trying to call the auto discover service but web application…

Im trying to find an explanation about metioned topics. But i cant find it in documentatnion, can someone point me where to Sophos is explaing it?

Hello, I have a VPN tunnel to another site, there is a web server that should be reached via a reverse proxy on the XG. The XG has an additional IP address (192.168.0.140) on the LAN interface (the LAN interface has IP 192.168.0.2). The IPSec tunnel…

Hello everyone, I have some questions and hope you can help: 1. We are publishing some web servers behind the firewall using WAF. There are some "Forbidden" messages and checking the Reverseproxy.log shows OWASP ModSecurity. As we can see only a simple…

Hi everyone! We are using a Sophos XGS2300 (SFOS 19.0.1 MR-1). We uploaded a pfx-certificate to the WAF which specifically included only the webserver certificate itself and its intermediate certificate. But, when we check the site with a tool like…

Hello, I am running with Sophos XG210 (SFOS 19.0.1 MR-1-Build365) . There is Request Entity Too Large error is still existing when I download file larger than 1 MB from WAF protected website. Here's the error message. ========================…

Good morning community, I have a problem with WAF after a migration from XG230 to XGS2300. It was a XG230 HA cluster which I disbanded before the backup and only backed up one firewall. I imported this backup into a new XGS2300 and again formed a…

I've got 2 web servers on different local IP. Both IIS. (x.x.x.7 and x.x.x.21) I've done 2 waf rules on firewall but i've got a DNAT on HTTP direct connect to 1 server (x.x.x.7) It is necessary have DNAT rules (loopback and reflexive also)? Infact…

Hello everybody, Is there anyone who has a step by step guide on making RDS Web and Gateway work using WAF rules. I have been trying to get this to work for more than a day now and I can't get it to work. My setup for now is RD Sessionhost, RDWeb…

Hi, we have a web server with a public IP. Let's say the IP is 123.123.10.1/28. The gateway of this server is a network interface of Sophos XG, lets say 123.123.10.14/28 (we are autonomous system, we have several public IPs). How can I protect the web…

Hi, I'm trying to use Web Application Firewall to protect web servers behind NAT. Currently I have configured firewall to accept HTTP traffic and forward it to internal server. So my question is, in case of WAF, is NAT required to exist or it's automatically…

Hi On a Sophos XG with "Web server protection," we host a website (WAF). Now that http/2 is available, our contractor wants to make adjustments to our website. He inquired about the WAF's support for http/2 and whether that was OK. Only the fact…

Hi I have a new ADFS 2019 system behind a WAF on XG. The external tests keep telling me it has Strict Transport Security (HSTS) off. Is there a setting on the XG that affects this when putting a local server behind the WAF or have I missed something…

Hi We're hosting a Website behind the "Web server protection" (WAF) on a Sophos XG. Now our contrator is planning to update our website to use http/2. He asked if that is ok and whether the WAF support http/2. I only found information about Sophos…

Hello all. I'm trying to add a new "Protection Policy". When I fill in everything and press "Save"... nothing happens. I think the "Save" button goes from a dark blue to a lighter blue, but nothing saves, no messages, no refreshes, nothing. No feedback…

Hello, I'm having some trouble wit the webserver protection for an Exchange 2016 Cluster. We're running a brand new XGS3300 firewall cluster in our datacenter with 10 Gig internet connection. I've configured only IPS rules for the Exchange Webserver…

Hi there Last week, my wildcard certificate expired. No biggie. Got a new one, imported it into the firewall, everything ok. When I selected the new certificate in my WAF rules, I was able to save this configuration and expected the firewall to use…

Hello everyone, is Sophos WAF okay with redirecting http://wwww:aaa to https://wwww:aaa ? It seems to be okay with default http and https ports, but not working with non-default ports

Hi, I'am lokking for some help to come over a problem with Exchange 2019 and WAF with static URL hardening. I use this poular documentation here: https://www.frankysweb.de/sophos-xg-18-webserver-protection-und-exchange-2019/ and it did not work as…

Hi, We are having som issues with sending mails from Apple devices using Apple mail - it seems to be related to NC-62805 https://community.sophos.com/sophos-xg-firewall/f/discussions/127826/sophos-xg-18-0-3-active-sync-email-problem https://community…

hi i have two server using https mail server and web server when i want to access from outside to the sever web it load always the mail server, and when i change port to 80 it work but i want to use https for web server. pls any help i have sophos…

Hi guys I have a general and maybe basic WAF / reverse proxy question: I do use some ressources from WAN-side by setting up a "simple" Firewall and DNAT rule to port-forward these ressources. Clients that match the firewall rule have access by calling…

Hello We're trying to use a Webserver behind web server protection (Sophos XG) where clients have to authenticate themself with a certificate. We're able to reach the Website and we can authenticate with username and Password. But, however, our clients…