Hello everybody, Even though I apply exclusion settings for some websites, ssl is getting blocked in tls part. I have given all permissions to the relevant website. When I check the policy test section, it shows allow, but I couldn't understand where…

Hey, We got our firewall setup as if you don't have sophos endpoint agent installed you don't have internet access. The problem is : you can't install sophos endpoint agent if you don't have sophos endpoint agent installed first because having sophos…

Hello, i installed yesterday the firmware. After that i was faced with following issue: In SSL Inspection i habve 3 rules in the following order: 1. Exclusions by website 2. a rule with no decryption enabled from LAN with the Range of Smartphones…

Hello, I’m seeing that our Sophos XG firewalls are blocking M365 install and updates. What is the best way to push the M365 exceptions out to all firewalls? We currently have about 25 XG firewalls. I found the article Sophos Firewall: Configure web…

On a XG(S) Firewall the default exception rule "Legacy HTTPS Exceptions" is not in regex notation. Example: When you enable this rule, not only dropbox.com is not decrypted, but also for example secure-dropbox.com People with bad ideas can register…

Hello, At work I have a situation that Sophos Support has been unable to resolve. We use Addigy as our RMM for Apple devices, to have remote connections it uses Splashtop. We have not able able to add sufficient exceptions or maybe I am doing…

Hi, today we're facing something new: issues when rolling out the Sophos Endpoint to Mac Books. Windows Endpoints: no problem. They fail to install. Workarounds like https://support.sophos.com/support/s/article/KB-000044045?language=en_US were unsuccessful…

Hi, We recently deployed a couple of XGS107w units (SFOS 19.0.0 GA-Build317) and have been unable thus far to configure them to allow client devices to connect to ESET servers for updates and LiveGrid. The only filtering enabled on these routers are…

Hello, I need to create a authentication exception in XG for the webproxy. There is one internet rule, that is applying a webpolicy, this rule requires authentication. Additionally in the webpolices, users are also configured. Webproxy configured within…

I've continued this post in "Looking at awarrenhttp_access.log for FQDNs" as I was having problems doing that, and through that post I found a domain that pointed me in the right direction, but is still ongoing in trying to fix the issue with Parallels…

hello I have an xg210 and im trying to allow the activation of office 2021 i added all the urls in the web exception , and gave allow all to a specific ip to test , still it is not working nothing is shown as blocked in the logs edit : when…

Hi all. I'm running Sophos XG Home Edition ( SFOS 19.0.0 GA-Build317). Whatsapp Calls are being blocked, I have no Web Policy or Application Control being used by Firewall rule. Any services are allowed from LAN to WAN. Can't see that anything…

Hallo, ich versuche gerade die Software AGENDA upzudaten, aber leider sagt mir die Software: keine Verbindung zum Internet...ich habe aber Internetverbindung. Die Beschreibung in der Agenda Hilfe ist auch nicht wirklich aussagekräftig: hier mal der…

Hello friends, I have a question i hope that can help me. I have a web filter policy to Video Hosting category. It works fine, but now i want to allow youtube access, i made the exception following this steps: Login to Firewall Web Admin > Click…

Is there a way to import the O365 exception file to the firewalls via Sophos Central? The tar file is usually imported from the Import tab in the backup/Firmware section of XG GUI which is not available in the sophos central thanks SC

XGS4500 (SFOS 18.5.3 MR-3-Build408) Since new this device has duplicate Exceptions (example below), there are 5 of them. There is what looks like a factory one (no delete option) and a second one with 'Original' After the name. I cannot delete the one…

Microsoft lists all their endpoints and has a service that publishes these. They have an API to get the latest list. I wanted a way I could update objects in my XG/XGS firewalls with these endpoints as objects. This isn't build in by Sophos so I wrote…

We are migriting SG to XGS and one missing feature is that we have to add networks to E-Mail Exceptions. E. g. we often had problems using greylisting with O365 or Google-Mail. They have lists of networks that should be excluded in the greylisting. The…

Hi Community, Sophos XG adds a few default web filter exceptions with all of them enabled except legacy, see screenshot below When you add an appliance to a central group every exception will be cloned with a name suffix "Original" which could be…

Hello, I have some users on my LAN trying to update their MacBooks pro (everyone with the HTTPS decrypt enabled), but they are having troubles. Can someone tell which https decryption exception should I add, so they can update their MacBooks? And…

Hi community, I'm not an expert, therefore, please bear with me. :) I'm using SFOS 18.5.2 MR-2-Build380 I hope this is the latest firmware. "www.ebay.com" was falling under the " Auctions & Classified Ads " category in the web filter option in Sophos…

After I migrated from an XG85 to XGS87, I can no longer download Adobe Creative Cloud updates. I get error 113 which is a vague error that indicates the problem is on my end. My XGS87 is set up primarily with the defaults. I'm using XGS87 (SFOS 18.5.2…

Currently we have to create exceptions for Office 365 in the web filter by following the guide here: Sophos Firewall: Configure web exceptions for Office 365 It would be nice if the exceptions could auto-update the list of IP's and URLS from http:/…

We have a URL Filtering Exception for all apple.com traffic. See below. ^([A-Za-z0-9.-]*\.)?apple\.com\.?/ Is it possible to craft/recreate the above to apply the exception to all apple.com traffic except music.apple.com ? Therefore blocking music…

Hello, Once that a policy checks exception has been created, can I ignore this same exception for a specific group by a firewall rule (it can be by a IP Range, IP list, networks, Host Group, by selecting an entire in interface... it doesnt 'matter)…