I have a Sophos UTM9 cluster where each firewall is connected to two different ISPs (let’s call them WAN1 for Provider A and WAN2 for Provider B). Let’s name the interfaces 1-2 (node 1) and 3-4 (node 2). I want that: 1) the traffic to failover from…

What is the best way to block all traffic to .zip TLD via UTM9? Normally I would use web filter profile with regex, but that isn't working. I've already blocked via intune where applicable, but that doesn't cover all devices.

I think what we all were thinking, finished my Sophos UTM Udemy course, thanks for all of your suppor without this community, it wouldn't be easy as much as it is now, I just wanna thank the Sophs Community for your support. If you wanna take a look…

Hello, Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.…

Newbie question. I am running Sophos Home UTM 9 software appliance on a server I built. I have an app running on a single workstation that needs to communicated in and out on ports 4000 and 4001. I set up the following rules but it doesn't seem to be…

Hi! Running an SSG330. I have a strange situation and I am a bit at my wits end. I have a subnet attached to a VLAN interface, which is applied on the Sophos LAN interface. I have setup masquerading for this subnet to the SSG330's External interface…

I realise i should probably looking to the VOIP phone support people, believe me i am on it, but after a recent firmware upgrade of an LG iPECS system what was previously working fine now works intermittently throuhg our Sophos SG UTM. Callers can't be…

Hello, I'm trying to create a simple allow list (whitelist) in in the SOPHOS UTM Firewall for a particular site, leaving all other sites unaffected. See the following configuration screen; Rules 9 and 10 are the ones of interest. Rule 9 is attempting…

We recently changed ISPs and I haven't been able to renew the Let's Encrypt cert for UTM sophos.mydomain.com... i cloned all the rules and added new interfaces and the migration to new ISP went flawless. I have a NAT rule I turn on when it's time…

Hello, i have actual the configuration, that my media server (Win 10 with 1 Gigabit Interface) on eth 3 is in the DMZ with Network 172.16.0.0 /16. The Media Server connect directly to Internet via OpenVPN. From Internal LAN I can connect via RDP and…

Hi. Hope I'm posting in the correct group.. I'm trying to change the up and down speed of the external NICs QoS rule. When I make the change, I have no internet connection. Turning the QoS of for that interface has the same effect. Looking at the firewall…

Hallo Zusammen, gibt es eine Möglichkeit Anfragen an die Firewall (ping oder DNS) im Firewall Log zu sehen? Beides ist möglich aber ich sehe nichts im Log. Sobald ich Anfragen nutze (z.b. Port 23) sehe ich diesen. Viele Grüße Jiyon

Dear Export. I'm new in handling Sophos Firewall and i hope i can get some advise. Below is the scenarios. Background Web user connect to webmail server via port forwarding. Port forwarding from example Port:12345 to Port:80 Issue …

He utilize Cacti server for network bandwidth monitoring and packet loss so we can have historical information for our clients. Please hella good when dealing with ISPs and packet loss. :) We come from a Mikrotik world but one of our clients use a SG135…

Morning All! Just installed a new Panasonic NS700 phone system at the Office. It's working perfectly here onsite but I have a handset at home that is connecting to the external IP I have setup for the PABX, downloading all its settings etc I can log in…

Today when I tried downloading an *.iso file, I've got the error "unable to initialize SaviStream object". Does anybody knows how to solve this problem? Here is an screenshot: Thank you in advance! Meghan

Hello, I have a VPN Router in a DMZ, what is routing all my Internet Traffic to a VPN Service. I was wondering to protect the Router in the DMZ, if it would make sense activate Web Application Firewall for this Router ? I know that this settings…

Hello Everyone, a customer of ours asked us a question about giving a Power-User a seperate DSL-Line with a static IP-Address for his home-office. So here is my question: Is it possible to give one single user an ssl-vpn profile that connects…

Sophos UTM Configuration Interfaces External (WAN) 82.x.x.x DMZ 10.0.0.1 /8 Internal (LAN) 192.168.0.1 /24 Network Services - DNS - Global - Allowed Networks DMZ Network LAN Network Forwarders - DNS Forwarders Google DNS…

EDITED: BLUF, Rulz #2 you will see that the UTM "services" such as Web Proxy, WAF, DNS, DHCP, etc all take precedence over the Network Firewall rules. If you need to restrict devices from using those ports and protocols, you must do 100% of that configuration…

Hi Everyone, I have installed Web server (Linux Apache) instance in AWS and provided public access to web server through HTTP with Sophos UTM 9 and it is working fine. when I configured HTTPS for same Web server (Linux Apache) and tried to access HTTPS…

Hello, We are having several customers that they host their solutions to our data center. Until now each customer had their own firewall and their own IP range. With the current configuration we used a different firewall brand for each customer. Each…

I recently have setup Sophos Home UTM 9 and I currently having trouble port forwarding my CCTV System, so I can remotely access. however when I create a rule it doesn't seem to work. I have checked the firewalls live log, and the CCTV System doesn't…

Please see the attached network topology, I'm looking for opinions on the best configuration based on performance and security. I welcome any suggestions that the experts on the forum can provide to assist with this config. I would also welcome…

Here is a step by step help article on how to do a port translation in a SOPHOS UTM 9 for RDP Step 1: Log into your SOPHOS UTM 9 appliance and go to "Definitions & Users" Step 2: Click on "Network Definitions" Step 3: Click "New Network…