Hi everyone,
We're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates.
When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure…
Hello.
Recently, a bunch of my locally-generated certificates have expired and I am having trouble finding a way to renew them.
I am using the firewall's local CA to make certificates for WAF rules and the web-admin console.
You'd think there would…
Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user), 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
On one of our XGS firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renew a Let's Encrypt cert.
We need to disable the NAT rule, then it works to create/renew the certificate.
But this can't be the…
I have configured a clientless SFTP policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another RDP policy…
I created a certificate based IPSec/IKEv2 Site-to-Site-VPN using the Sophos guides between two Sophos SG135 firewalls. One firewall runs on home edition (SFVH with firmware SFOS 21.0.0 GA-Build169) one runs on trial (SG135 with firmware SFOS 20.0.2 MR…
Hello everyone, over the last few days the Sophos has tried several times to renew the certificate. This failed, even though the DNS entry exists and it still has the original A record. A plain ping test also confirms this, before a…
I have my certificates in a folder and I'm looking for a script that will update them when there is a change so that waf will continue working without manual intervention.
I have very little experience scripting, I can read and understand more or less…
I’m trying to move Office 365 connector authentication from IP-address to certificate. A Let’s Encrypt certificate has been created (on SFOS 21) and added to the SMTP TLS configuration under the Email > General tab. When changing the Office 365 connector…
Hello everyone,
since V21 we have increasingly been using Let's Encrypt certificates on our WAF rules. In doing so, we noticed that afterwards some services can no longer connect properly. When we check the corresponding logs, we find…
I successfully obtained 5 certificates from Let's Encrypt with the new V21 feature.
I can use these in my web application firewall rules and they work fine.
But in "Administration/Admin console and end-user interaction" only an uploaded wildcard certificate…
Hi everyone,
I am having problems uploading or rather validating the Let's Encrypt certificates.
The certificates are issued by NGINX, or rather via it.
The certificates are also valid and are shown as such in the browser.
Since I…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Configuration Steps
…
Hi, we have a problem with transferring syslog from Sophos firewall to the Arcsight SmartConnector. When we try UDP, logs can be seen in connector. However, with TLS communication fails.
This is only an example, but our handshake also fails at Change…
Hi guys
I can't see the wood for the trees -- so please forgive me this (probably stupid) question:
When using PSK for IPsec without certificates, everything is working properly. It asks for password (or I save my password) click Connect and it works…
Hi,
I'm facing a new issue: After deploying a new firewall the fresh instance cannot be synchronized with Central. Device keeps hanging on state connected.
The default certificate seems to be invalid (Namibia???). After editing the default authority and…
Hi folks,
I did set up a remote access IPsec profile with authentication type digital certificate.
The local certificate was created with a CSR by the firewall with help of OpenSSL under Linux and the remote certificate as described in
docs.sophos…
We currently use an SSL certificate from Digicert for IPSec VPN access for users. When migrating from an XG 210 to an XGS 2100 do I need to buy a new certificate or will the current certificate transfer over during the migration?
Thank you.
Hello ...
Is it possible to publish an SSID with the XG/XGS that authenticates Android/iOS devices by means of a certificate and, on success, lets them connect to the SSID? So far we have been doing this via preshared key and additionally…
Hi,
I have set up email scanning according to this guide: https://docs.sophos.com/nsg/sophos-firewall/20.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Email/HowToArticles/EmailConfigurePOPIMAPScan/index.html#add-a-firewall-rule
I have found that…
Hey,
I am still completely new to the whole Sophos topic, so please bear with me. My current setup is as follows: Fritzbox --- Sophos Home FW (latest version) --- DMZ (web server on a VM on Proxmox)
Until now I had the run-of-the-mill setup with a…
I’ve noticed that some sites subjected to TLS inspection still present valid certificates from reputable CAs without generating on-the-fly appliance certificates. This behavior seems unusual because, typically, I would expect the appliance to generate…
I have enabled SSL/TLS inspection to do MITM for HTTPS (443) traffic from LAN to WAN. I have pushed the CA certificate by GPO to Windows computers. That works just fine for most sites. Now I have an issue with sites that have HSTS enabled. For those sites that enable…
Hi folks, I have a small problem setting up a VPN connection. I received an .ovpn file from the VPN provider as well as a certificate in .p12 format and a .key file. All three reside in the documents directory in a subdirectory…