Instead of manually entering DNS IP addresses into the DNS fields, it would be nice if we could use an IP host instead. Say you wanted to use google as your DNS. A user could create an IP host called "Google DNS servers" of the two IP addresses 8.8.8…

I would like to get an opinion on firewalled subnets for security. This would be LAN subnets only. Subnet A is servers and subnet B is desktops. Subnets A and B have outbound internet access only. Subnet B (desktops) need to access Subnet A (Servers)…

Good day l have a client with a sophos xg 310, they did a security audit report on their network. and the report came with this queries for DNS server allows cache snooping. l want to Restrict the processing of DNS queries to only systems that should…

Hello, When I use Sophos as the DNS server, I sometimes get a timeout for the DNS resolution. I also tried it directly from the XGS CLI. CLI: XGS107_SN01_SFOS 19.5.4 MR-4-Build718# nslookup google.de. 1.1.1.1 Domain Name Server# 1.1.1.1 Domain Name…

hello configuring DHCP lease on XGS 107 firewall in "DNS server" section there is only 2 fields, is there a way to have the DHCP provide 3 DNS to clients Thanks Elie

Hi, I want some local DNS servers to do DNS over TLS (DoT) and have configured them accordingly. I created a rule allowing TCP 853 for those hosts - both IPv4 and IPv6. Because of IPv6 is assigned via PD I used the client MAC address (on local LAN…

Hello, I've Sophos XG installed in between ISP modem and router. The XG in bridge mode with LAN and WAN bridged together. The router and LAN all have internet access. However, Sophos XG doesn't - what I mean by that I can't update firmware for instance…

When forwarding DNS to servers like 1.1.1.1 or 8.8.8.8, is it possible to do so using DoH?

Hi Sophos Community, I've got a XGS126 on SFOS 19.5.3 with IPsec and SSL VPN enabled. Now my client wants to use VPN to connect to certain Windows machines in the LAN over RDP using the NetBIOS names. Is there a way to do name resolution on the XGS…

good morning we should create a configuration for our 3cx switchboard that resolves the name of the 3cx FQDN to an internal address of our network. The device supplied is XG106w (SFOS 19.5.3 MR-3-Build652), I have not found any guides that solve the problem…

Can the DHCP server register a name/address in DNS

Hi, following problem. We use Sophos Connect Client version 2.2.90.1104 on Windows 10 and 11 and IPSec VPN. We set a prefered DNS on firewall. After the VPN connect, the DNS server is set on the VPN adapter settings in Windows. Than the problem began…

I have the below deployment on my environment Devices/Servers - Sophos XG 210 FW (Assigned it's own Public IP [i.e. x.x.x.67]) - Switch (Cisco ) - Connects all the APs and Servers - 3 Server (1 Web server with it's own Public IP [i.e. x.x.x.68…

Good day, I am facing a strange issue with domain name resolution. Some domains are not resolved by XGS internal DNS. Below are nslookups from XGS Advanced shell. It used to work but suddenly stoped few days ago. Thank you for advice. DNS Configuration…

Hello all, We have deactivated LLMNR via GPO. After that we had the problem that users who work via VPN have more DNS problems. No problems could be found in the internal network. In 90% of the cases, internal resources can no longer be resolved.…

Hi, XGS2300 is our DHCP Server. Currently, DNS settings under Network > DHCP > Default_DHCP_Server are the gateway itself for the Primary, and our ISP for the secondary DNS Servers. Works fine. Our external DNS servers (Network > DNS) are our ISP…

Hello What are correct DNS settings for IPsec remote access client so it would use DNS host entries from firewall?

We have multiple ISP gateways per XG. Is there a way to set DNS server preferences for each particular gateway? WHY? I've added NextDNS as an additional layer of security and for analytics to function properly for each profile I need DNS servers…

Hello! We are using a Hardware Firewall XGS-2100 to connect to two datacenters running our AD Controller there. The AD is also our DNS Server. This worked fine for a long time. For some reason one of the VPN stopped working and one of the AD Controller…

Windows clients work fine and can resolve domain.server.local names just fine over vpn. ios clients on local wifi resolve fine. ios clients on vpn (openvpn) cannot find domain.server.local domain is set in vpn settings, dns server ip is set in vpn…

If someone also has the problem that the Sophos Connect client doesn't replace the DNS addresses then you've found a bug: "This is known to the Sophos Dev team and is going to be fixed with Sophos Connect 2.3 with ID NCL-1383" If you have a client…

Hi all! We manage DHCP and DNS for the end devices via the XG310. Since last week, the Internet connection of the clients is sporadically interrupted. The end devices are correctly assigned IP addresses and DNS by the XG. Neither nslookup or ping…

Hi, our Windows 10 users use Connect Client 2.2.90 with the infamous .pro file to tonnect to XG 19.5.2 Firewall with SSL VPN TCP and access internal resources. The SSL VPN clients use the XG firewall as DNS resolver. The XG uses DNS forward rule for…

There is no option for namecheap. Why is this?

I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…