Greetings everyone! I'm going to replace my UTM tonight with my new XGS136. Our domain controller will be primary DNS, and the XGS will be secondary. On the domain controller I set the forwarder to be the firewall. These are my settings. Have I set…

Hello All, I'm switching over to an XG firewall, and I can't get my Domain Controllers' DNS to resolve their forwarders. I can see the packets being allowed out and seem to have upstream bandwidth, but in Live Connections under DNS the downstream…

I have a Sophos XG 85 v17 with a site-to-site vpn running to a Ubiquiti UDM Pro. The tunnel is working great despite DNS not resolving from either end through the tunnel. The XG subnet is 10.10.10.0/24 and the Ubiquiti subnet is 10.0.0.0/24. I can ping…

Hey, So I have this DHCP VLANS all like this and DNS like this From any computer in VLAN 100 I can ping another computer in VLAN100 like this ping cws-yellow-room But, if I try to ping a server (by name and not…

Hi, I have a question about Web content filtering using either Web proxy or DPI-SSL and DNS requests/resolution. I have Sophos firewall set up in bridge mode with Netgear router as the gateway and for DNS. The Netgear router handles DHCP and DNS…

Hi! Recently I implemented my Sophos XG as local DNS server, but it does not resolve public DNS names. My setup is that I have some router working as DHCP server. Sophos is "work in progress", with WAN interface on the same subnet as router. It also…

Hi, I got a Remote Access IPSEC working on an XGS2300 (v19). It worked but was unusably slow. Sophos support suggested I disable "Use as default gateway" and explicitely add resources VPN clients could see. I want them to see the entire LAN, and the…

Hi In my network environment, i am noticing a lot of TCP Latency and DNS retry issues. Currently i am using Unifi Switches and Unifi APs as network devices and they channel the traffic to the XG-115. I have reached out to Unifi support team to see…

Hi guys, I am using a Sophos XG v19 as gateway and try to connect via SSL VPN from a Linux notebook. I configured the SSL VPN as in the sophos own video-tutorial and I found some other tutorials showing the same steps. When I try to connect from…

Hello, I think i'm stupid. When i connect with the Sophos SSL VPN client and if I then try to access my NAS via DNS names, it is not found. If I \\myNAS. use it works. nslookup has a DNS request timed out, but he resolves it. Can someone tell me how…

We have a ongoing issue with Sophos Connect 2.0 and IPSec VPN connections where DNS resolution is extremely slow at first and sometimes never resolves itself. For example a user connects to the VPN and then tries to open a network drive then gets a error…

Hi, We have the Sophos XG and XGS UTMs behind an other firewall (not controlled by us). However the admin of that other firewall complains about a lot of DNS traffic coming from our Sophos. we tried dropping any DNS traffic from within the Sophos and…

Hello all I want to create NAT + Access rules for DNS and NTP so any UDP 53 and UDP 123 traffic targetted for WAN gets redirected to internal servers. Can anyone suggest how that can be achieved? Thanks A

We have moved over a customer from SSL vpn to IPSEC connect client vpn but now when they use the built in VPN on an Apple iphone it looks like they arent receiving the DNS server IP that is specified in the IPSEC remote access section on the Sophos XG…

I have my XG106 with v19 GA behind my XG125 with v18.5.2 MR2 for home testing. The only thing connected to the XG106 is the WAN link which feeds into a port on the XG125. The strange thing is I see in the XG125 logs is that the XG106 is making multiple…

Looking to have a sophos firewall at an edge site perform a DNS rewrite as it sees the request come through for specific non-owned remote sites. Can this be done? I've done this previously on the Check Point platform, but am not finding a specific place…

Short version: is there a way to propagate mDNS/DNS-SD advertising from one subnet/zone/vlan to another? Long version: (notes added at end 10/5/22) Running own hardware with SPOS 18.0.6 Build 655. I wish to segment my network, with some “dodgier…

We are seeing a lot of timed out DNS requests when using Quad9 as DNS provider. Timeout does not happen when we use Quad9 directly on windows/linux hosts but only when we use it trough Sophos XG FW. Is the DNS query timeout set so aggressive on XG…

Hi, ich bin neu in der Sophos Welt und habe bisher folgende Config aufgesetzt: Sophos Firewall Model: XGS126 mit diversen APX 120 Access points. Das ISP Signal kommt von Vodafone Kabel Deutschland über eine Fritzbox 6660 im Bridge mode. Das Signal…

Running XG 18.0.6 on my own hardware. Short version: How do you log activity of: a) DNAT rule which diverts DNS to the Sophos LAN Port b) The DNS service itself I can do some packet capture, but the logging tool seems to ignore a DNAT rule terminating…

HI Well were finally on out migration fromUTM to XG. First thing I;m got a question is the availabity groups on XG. Any way you can replicate the availability group functionality on XG?

Hello everyone, I'm pretty new to Sophos and have recently run into this problem. My setup is all in VMWare: The Sophos machine is bridged directly to the internet (WAN) and it's also connected with a Windows 10 Virtual Machine (LAN) So I expect the Windows…

Hi! I've installed the client of the SSL VPN. The connection works, but the DNS ip that the Sophos (XG 125) is releasing is fec0:0:0:ffff::1%1 . Under Network -> DNS I've selected Choose IPv4 DNS server over IPv6 . I can ping Internet DNSs, but not internal…

Hi, If I have multiple addresses listed under a dns entry, does this act like the failover group on the UTM or a round robin DNS? The documentation makes no mention of the implications of having more than one address listed for an entry. I'm setting…

Hi there, Sophsos Connect v2.1.20.0309 + SophosXG 18.5.2 + Windows 10 1809 After a certain time the name resolution does not work anymore, only "nslookup". Restarting the device, this works again for a certain time. There are some problems with "sophos…