Hi, our Windows 10 users use Connect Client 2.2.90 with the infamous .pro file to tonnect to XG 19.5.2 Firewall with SSL VPN TCP and access internal resources. The SSL VPN clients use the XG firewall as DNS resolver. The XG uses DNS forward rule for…

There is no option for namecheap. Why is this?

I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…

Hello everyone, today the first occurences of DNS over TLS showed up in one of our customers logs. We have TLS Inspection rolled out at the company and are asking ourselves if the TLS Inspection also inspects DNS over TLS traffic and DNS over HTTPS…

I have using third party DNS provided to point my web server domain to specify public IP. Currently, all setting is in Peplink and i want to remove it. When remove Peplink and direct plug my internet line to sophos, I cannot access my web server from…

Hi, this issue is listed as resolved for 19.0.2 NC-111476 FQDN Subdomain learning isn't working in case of non-SFOS DNS server set for client. We're on 19.5.2 We have a server that downloads files once per day from a FQDN like files.downloadserver…

Hi, Encountering a weird error when trying to attempt using a server for DNS forwarding. We have a few branch offices - each connecting to DC via IPSEC (Connection Type: Site-to-Site / IKEv2) - with the DNS Forwadering Host in the DC. Now here's…

A while ago, I raised what I think is a serious issue with the web filter here: Web Filter Bypass Issue with URL Groups I did not receive any updates other than in the discussion, and apparently it was never fixed (my concern was that malware or users…

When my at-home DNS server which is running running Unbound with Adguard Home DNS contacts the root DNS servers, the root servers are detected as psiphon proxy by the firewall. I do not have any Psiphon proxy app on any of my devices. Is this a false…

Curious if anyone's done this or sees value in it. Our current scenario is we have our AD and integrated DNS hosted in an IaaS provider where no "end users" live. We have migrated all of the remaining Windows servers we have to this location. As part…

Hi; I have 3 DCs for domain in my network. 111.local 192.168.1.11 PDC 192.168.1.12 ADC 192.168.1.13 ADC 192.168.1.1 is a SOPHOS LAN interface ip address Under the DNS host entry, I entered these fields with the DC server ip addresses. (Network…

Hi everyone, So like a lot of others here I've experienced where we get the notification that an attempt to communicate with a botnet or command and control server has been detected. And its always these same three sites: As you can see…

i have dns domain server 10.0.0.1 mask 255.0.0.0 gateway 10.0.0.2 & and ip range is 10.0.0.1 to 10.0.0.254 but now i want to give different ip range to different department like 10.0.1.1 to 10.0.1.254 to support department and 10.0.2.1 to 10.0.2.254 for…

Hello All, We have a setup in which Sophos Firewall acts a hosted filter (VMware). Sophos Firewall acts as a central filter for 10 + sites - i.e internet traffic from 10 sites has to pass through central filter. We have a plan to move sites to serverless…

Good morning everyone, on sophos XGS I configured the client-site SSL VPN, everything works except the resolution of internal names, probably because our internal windows domain has the same name as a public domain that is not ours (I know it's a bad…

Hello, I am using Sophos XGS 3100 UTM device. For about 5-6 months, a DNS query has been made to lookingprovide.com every day and every hour of the day. Sophos ATP blocks this query (C2/Generic-A). When I examine the log records, I see that the source…

Environment: Windows server only Central office with remote offices Each Remote office has DC with DHCP and DNS with it's own Sophos firewall. Each Firewall has connection back to central office firewall We recently had to change IP Schema. The issue…

Hello! I have a need for configuration that has never been necessary before. I have remote users using SSL VPN. In my global SSL VPN settings I give my two internal DNS servers and also the company domain so that name resolution for internal services…

Hi folks, this morning while testing some DNS issues, I changed the WAN interface DNS setting from manual to use DHCP, I refreshed the interface which was reported by the XG as the IP4 component down then up. I tested the settings by using the diagnostic…

Hi All, I'm getting hostname resolution failures from docker containers for local DNS records; they seem unable to handle a rather strange response from the Sophos Firewall DNS service. As far as I can tell, the problem is that the DNS server returns…

With using the XG as DNS responder, is there a logfile that is recording the requests? By looking at Log file details - Sophos Firewall none of those files contain the actual logging of the requests and respondses.

Hi all, here is my environment: HQ-------- FW XG AD | DNS SERVER Wbeserver: app.domain.corp BO: (Workgroup)--------- FW XGS: DNS|DHCP|GW There's Site To site IPSec config between HQ and BO . I need to configure "conditionnal forwarder…

Hi; We have a large server farm behind sophos firewall. There are different domain name AD servers available. I can authenticate users over ADs with these different domains. I can also use AD authentication on SSL VPN connections. No problem till this…

Hi I have a clients XGS87, and the users cannot connect to office 365 for email. When I use policy tester with the url, I get error device could not resolve the url, please update url and try again. When I go to DNS and test the name lookup, it is…

Hello everyone. I have 2 XGS Firewalls connected via SSL Site2Site VPN, which works good. I created a DNS Request Route for contoso.com (changed of course to my setup) to go to DC DNS IP in main office. This worked for quite some time, now it does…