Hello. I am starting to get acquainted with Sophos Firewall sf01v (sfos 21.0.0 ga-build169). I have configured blocking of sites (for testing I have prohibited access to facebook.com). Tell me how to configure an exception for access to facebook for certain…

I'm experiencing with the API and Postman. We use a wildcard-certificate and I wants to update all WAF-Rules at once. Becuase the GUI-way ist very hard (every time set the certificate, all domains will be dropped and the domain from the certificate only…

I am running into issues with getting information on how to get get ABS Type Classification to install the XGS firewalls on board ships. The customer does not want to install the XGS firewalls without type classification and/or some time of approval by…

Good day We are having a challenge, we have a firewall XGS 2100 , some devices that are connecting with wifi, they receive ip address from DHCP in the firewall, we have a firewall rule for the devices with Mac address, but the devices they are not receiving…

Hello everyone, Since last week, I’ve been receiving the following error on my Sophos RED20: "May not update firmware: Firmware update counter exceeded." Is there a way to resolve this issue myself? If so, how? I look forward to your responses…

Good afternoon, I have a Sophos firewall that is integrated with a Windows Server Active Directory.Can a domain user be blocked from browsing the Internet through Sophos, but allow the computer they use to download and update the operating system, and…

We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…

Hello everyone, I have issue with routing over VPN IPsec tunnel. In my setup there are two Sophos XGS116 firewalls running SFOS 20.0.2 MR-2-Build378 located on HQ site and BO site. Each site has stabile ISP connection with static IPv4 address. VPN IPsec…

Hello everyone, we have a XGS set up with SSL VPN, the VPN Portal, AD integration and MFA for every user. Currently we are facing brute force attacks on the VPN Portal. We tried to prevent those by setting up an ACL rule which is blocking countries…

Hallo zusammen, ich habe eine XGS 107 bei einem Kunden laufen und dieser möchte nun auch WLAN Calls tätigen. Es sind seit längerem normale AVM 2400 APS hinter der XGS eingerichtet. Nun blockiert mir die XGS die WLAN Calls, AP probeweise direkt…

Hi, Good day! I'm currently experiencing an issue where I can’t access my GUI. I checked the Tomcat service, and it shows as "stopped." I’ve tried restarting it several times, but it still won’t start. I even attempted a factory reset, but the Tomcat…

Hi community, I need help to complete this configuration. A customer needed to improve the VPN configuration beween his hq to the Oracle datacenter. He had 4 classic IPSEC vpn PROVIDER1-ORACLEIP1 PROVIDER1-ORACLEIP2 PROVIDER2-ORACLEIP3 PROVIDER2…

Hi all, Started to have this issue the last day in the office 30mins before i left for the weekend. Basically our network has been going very slow and i have lots of this in the firewall..... like non stop. Am i right to believe fe80: is internally…

Hi All On 21GA we are trying to set up the thread feed firehol_level1 feed https://iplists.firehol.org/files/firehol_level1.netse t The feed is retrieved but not loaded into the system, all their other feeds do work unless they are to big to load…

I am reaching out regarding an XGS 116 recently purchased by a client. Interestingly, VoIP functionality—both inbound and outbound—is fully operational without any specific configurations applied to the device for the VoIP provider. There are currently…

Hello, I am converting our customers from primitive FWs to Sophos XGS's and testing TLS decryption. Would anyone be so kind to walk me through what is happening in specific case below: Setup: TLS enabled, any of default profiles, Sophos CA as trusted…

Need help on this issue, I tried to configure the SD WAN routes destination to use SD WAN profile, but the traffic keep going through default. I have tried to disable the Underlay SD WAN route and access speedtest.net (I put speedtest.net as destination…

Hi all, I'm using OSPF but don’t want to redistribute all routes. On Cisco, I would probably use a route map to filter which routes need to be advertised. Here with XGS, I have unchecked "Redistribute connected" and "Redistribute static." I’m using…

I have two clients that use the same ISP. One client has an XGS87 and the other XGS116. The ISP does scheduled maintenance at night knocking the firewall offline. My clients will have to power cycle the firewalls to get them to connect in the morning…

Hi, all of a sudden we see that our FreePBX installations triggers Network-attacks in our XGS. "Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This…

Hallo, Ich möchte in meiner Sophos XGS136 für gewisse Clients eine Art Whitelist erstellen, dass nur aufgeführte Seiten und Cloud-Anwendungen benutzt werden können. Hierzu kann ich ja eine Regel erstellen, die die bestimmten Clients als Quelle beinhaltet…

Hallo zusammen, wir setzen seit der V21 vermehrt Lets Encrypt Zertifikate auf unseren WAF Regeln ein. Hierbei ist uns aufgefallen, dass danach einige Dienste nicht mehr ordendlich verbinden können. Prüfen wir hier die entsprechenden Logs, stellen wir…

Hi, we're experiencing a problem with Ipsec Vpn (site2site) from Sophos to Cisco. In the Ipsec tunnel we have two subnet (subnet1 e subnet2) at sophos vpn side and one subnet (subnet3) in the remote site managed by cisco. It seems that only on subnet…

Hallo zusammen, ich habe XGS mit 2 Sophos APX APs managed über die XGS. Ich möchte nicht auf die AP6 mit Cloud wechseln. Beid en APX verwendete ich die HotSpot Voucher für das Gäste WLAN. Ist es möglich z.B. 3rd Party Access Points so zu verwenden…

Hi, I have forced a rule where users has to vpn no matter what when they are outside our network domain. I was able to perform a file provisioning that auto connect users to VPN, however I still have one issue is that sometimes, before connecting…