It's become apparent that about 90% of the incoming external DNS requests are being blocked at the firewall. Config: Our public NS1 is a Windows 2012R2 server, running in a DMZ. There is a simple DNAT rule (Any -> DNS -> External IP ==> Change dest…

Hello, I'm trying to create a simple allow list (whitelist) in in the SOPHOS UTM Firewall for a particular site, leaving all other sites unaffected. See the following configuration screen; Rules 9 and 10 are the ones of interest. Rule 9 is attempting…

Hi we got the problem that all oure VPN-Client users get 3-6 Times a Day the following error: Wed Mar 31 08:50:18 2021 Authenticate/Decrypt packet error: packet HMAC authentication failed Wed Mar 31 08:50:18 2021 Fatal decryption error (process_incoming_link…

Hi there, today I really had to block traffic coming from a specific IP going to my UTM 9.705-3 trying massive IPSEC logins. Adding a firewall rule at #1 position did not work so I added a DNAT-rule to NAT all traffic coming from this IP going to…

Hallo, möchte eine dnat regel anlegen um die Ports 49152-50175 zur telefonanlage zu öffnen. Bin wie folgt vorgegangen Host angelegt: IP Telefonanlage Dienst angelegt mit Quellport 49152:50175 Zielport 49152:50175 Über Serverzugriffsassistent…

Guten Morgen, ich verzweifle gerade ein wenig an unserer Telefonanlage. Folgende Thematik: Wir haben eine Sophos XG 125w (18er Version) Firewall hier hängen 3 Netze dran (1x Vodafone DSL, 1x Telekom DSL, 1x Telekom SIP Trunk). Ich habe probleme…

Hi Guys, I'm running the latest UTM 9 (version 9.705-3). I have the following configuration: LAN 1: 10.10.1.0/24 LAN 2: 10.10.2.0/24 SSL VPN Pool: 10.10.3.0/24 Everything works fine. I can log in with VPN users and they get allocated an IP address…

Hello, i use Sophos UTM Home since years now, and im really happy with it:) But as the Sophos UTM is still missing the Open VPN Client possibility, and DNSCrypt DOH is also not possible, i was thinking to add an other FW as Fronted Firewall to configure…

I have five Draytek 2960 running IPSec VPNs to a Sophos XG230. The Drayteks initiate the connection using IKE2. I get an email from the Drayteks every 53 minutes saying the link dropped. (It reconnects.) IKE Phase 1 timeout is 28800 seconds, Phase…

Hi, mattin here. Im using SG Sophos and stuck just now. I want to add rule to allow connections via SG firewall to one service which is using some ports (which I know and can configure) and - as destination - is connecting to external servers which they…

Hallo liebe Mitglieder, kurze Frage. Ich möchte von A > Any > B auch wieder zurück B > Any > A Erklärung: Ich möchte zB. Mit meinem Notebook A das Notebook B per Ping erreichen können und auch umgekehrt. Meine Frage: Richte ich das beidseitig…

Hi all. I have a custom built router using a Gigabyte J1900N-D3V board. To cut it short, inter-VLAN traffic is limited to about 200mbit, but the CPU utilization only ever hits ~30%. Of course standard snort does not take advantage of the multiple cores…

Currently, the UI in the UTM allows blocking active content which includes ActiveX, Java, and Flash. Flash is now obsolete and considered risky to use at all. The manufacturer is now blocking it. I propose the UI be chanced to allow for the blocking…

We are adding 2 WAN connections next week I have reviewed as much documentation as I can but I cannot determine the best and correct configuration to achieve this. both new WAN lines are working 1st mainline microwave and the 2nd fiber we want to creat…

We are adding 2 WAN connections next week I have reviewed as much documentation as I can but I cannot determine the best and correct configuration to achieve this. both new WAN lines are working 1st mainline microwave and the 2nd fiber we want to creat…

So I am attempting to download a pcap file from x.x.x.x.com/tcpdump.pcap similar to what is outlined in https://support.sophos.com/support/s/article/KB-000038909?language=en_US . I am writing the file to /var/sec/chroot-httpd/var/webadmin/tcpdump…

Complete Noob here trying to get started. To this point I've done the following: My goal setup is as follows: WAN->router->utm->internal network. utm is running in microsoft hyper-v . Configured a bridged interface as follows: 2. Added the following…

Guten Morgen Sophos Kollegen, habe zwar ähnliche Posts gelesen, aber keinen in meiner Konstellation. Deshalb wage ich es mich mit einem separaten Eintrag an euch zu wenden: Ich habe eine SophosUTM9 (aktueller Patchlevel) auf einem Alixboard laufen…

Hello, is there anyway to setup SSL VPN without static ip, there is no option on ssl vpn configure to define the public domain name. This option available on XG and it working fine, but UTM i don't see way to setup remote access without static ip.

Hi Everyone, I would like to ask for your help regarding google meet. When we are inside our private network we can call someone outside our private network using google meet, audio is fine and we are able to see the video of the person on the other side…

Moin! Augenscheinlich bin ich für das einfachste Vorhaben zu doof, denn ich will eine stumpfe Portweiterleitung konfigurieren. Umgebung: Homeedition, Version SFVH (SFOS 18.0.3 MR-3) WAN: Hängt im Fritzbox-Netzwerk TESTCASE: Daran ist eine VM angeschlossen…

Hey guys, having an issue with our UTM here. So we're trying to go hosted VoIP, but having issues getting traffic out of our UTM to hit the host servers. Strange thing is that the mobile app for our provider works fine, on the network, but the desktop…

Hello, We currently have a Sophos UTM SG 210 (REV 1.0). We also have a Fullguard license with Premium Support which expires in January 2021. I'm looking to replace for SG 210 unit and renew the license. We are glad of this solution. However, before…

Hello, i have my vacuum bot installed and connected to my home wifi. I can manage the bot via the app on my smartphone, working fine. But i saw, when im out of the house, not connected to Wifi, and connected to GSM Connection and start the Robot Management…

Dear Community I am faced with a specific issue regarding firewall rules. By default, you can only filter IP networks/ranges, which is fairly sufficient in most cases. However, we need to filter out certain IP ranges coming from in on two interfaces…