I have my certificates in a folder and I'm looking for a script that will update them when there is a change so that waf will continue working without manual intervention. I have very little experience scripting, I can read and understand more or less…

Hi! Recently I want to configure a VIP with SSL termination on my Sophos Firewall 20 running as a VM. I have the SSL cert imported (+CA - there was no Let's encrypt E5 CA so I added it). I want to start from something really simple - Outside LAN to…

Hi, We purchased WAF License to publish Exchange OWA, HTTPS. What is the proper way to publish on-premise Exchange 2013 on XG Firewall? Thanks.

Trying to create a WAF rule and it's thowing an error " Service is already configured on the specified port, choose another port" I've checked all firewall rules, NAT rules, admin/user settings, SSLVPN and can't find this port being used anywhere. …

Hallo zusammen, nachdem ich das Problem mit den Zertifkiaten in folgendem Thread gelöst habe, Sophos XG Lets Encrypt Zertifikat stehe ich jetzt vor dem Problem die WAF ein zu richten. Hier mal die Konfig wie es bei mir im Netz aussieht: Router…

Dear all, I have Installed the Sophos SFOS 21 on a VM on Hyper V, and I am facing Issues with the WAF. I have a internal WebServer where you can gain access over Port 8080, I want to know if it is possible to access the WEB-Server over Public…

Hi i want to ask the configuration of (WAF) regarding customer request to enable an additional port, specifically port 11883.HTTPS is currently enabled and functioning without issues. To accommodate the client’s request for port 11883, I have created…

Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…

Hi, we have added a web server behind the WAF in DMZ zone. LAN/WAN- we can access the web server through a public IP address. we have a backup server in the LAN zone. How to do backup Lan to Dmz zone using public IP or private IP of server…

Hey, Ich bin noch komplett neu in der ganzen Sophos Thematik also bitte Nachsicht. Mein aktueller Aufbau ist wie folgt: Fritzbox --- Sophos Home FW(neuste Version) --- DMZ( Webserver auf VM auf Proxmox) Bis jetzt hatte ich den 0815 Aufbau mit einem…

Hi anyone can help me,currently i have implement WAF to my mailserver that have activesync,for now the waf rules listener port are 443 but how to allow any services like smtp/smtps/imap/ or pop3.im facing issue with slow login and cannot sent email out…

Hi Community Members, I hope this message finds you well. I am currently exploring the best practices for protecting web servers, particularly in scenarios where the firewall is not acting as the gateway, The XGS also acting a reversed Proxy.. Your…

Hallo Zusammen, wir haben seit der Umstellung von DNAT auf WAF leider ein Problem mit der korrekten Darstellung von z. B. OWA. Hier werden statt dem "down arrow icon" oder div. Funktions-Icons die Symbole durch ein î oder § ersetz. Ich habe mich…

Hi All, Sorry if this has been asked previously, I have combed through the forums and could not find a solution or direct discussion to this specific issue I am facing. We have signed up for the Sophos XG Firewall via the Azure marketplace image. I am…

Hallo zusammen; ich habe ein Problem bei dem sich der Sophos-Support leider auch die Zähne aus beißt. Gegeben ist ein OneAccess-Router von O2 auf den nur O2 Zugriff hat, eine XGS116 und ein APX320. Intern steht unter anderem ein MS Exchange Server…

When I go to edit the certificate and upload the certificate which is due for renewal ( every 13 months ), it fails with the following error at the top center of the screen: Certificate could not be updated as it is already used by HTTP Based Policy…

As with our current Sophos XGS Firewall Rules and Policies configurations, the Citrix Netscaler 2FA authentication is working. We started planning of using the Sophos XG Firewall Web Server Protection. The license required were purchased and registered…

Hi everyone, I am trying to find out if I can use the WAF rules to stop certain HTTP methods for connections to one of our web servers. I would like to try to only allow GET and POST and deny any of the others such as "DEBUG", "CONNECT", "PUT", "UPDATE…

Hallo zusammen, wir haben erheblich Probleme mit unseren IOS MailClients - bei Zugriff durch die Sophos XG. Ab ca. 500KB - 880KB Anhanggröße werden die Mails beim versenden vom Device Richtung Exchange abgelehnt. Version: SFOS 20.0.1 MR-1-Build342 Webserverschutz…

Hallo alle zusammen, ich habe seit einiger Zeit Probleme mit meiner XG210 und dem Versand von E-Mails bei mobilen Endgeräten. Im einzelnen geht es darum das wir E-Mails über mobile Endgeräte (Android, Apple) Empfangen und Versenden können aber sobald…

Hello, need help for configurate Sophos XGS to protect Exchange OWA from brute force. S erver is behind DNAT

Hi, I have set up a new Web server protection rule following this guide. Everything works fine using port 80, but when I change the port to 1001, I get 503 Service Unavailable: Web server : IIS (Windows 11). Binding: Type: HTTP, IP address: all…

WAF rule not working for a website that hosted on internal IP in windows server 2012

With reference to below doc https://docs.sophos.com/nsg/sophos-firewall/20.0/help/en-us/webhelp/onlinehelp/AdministratorHelp/WebServer/AuthenticationTemplates/index.html Is there any variable available to get client ip address? Example "client_ip…

Hello, we have also this problem and cannot send larger emails from mobile phones throuth our XG135 firewall. (ActiveSync) What are the steps to fix this problem? (1MB Limit) Thank you