Hello, Over the holiday weekend we upgraded our XG330's from 19.5.4 to 20.0.2 MR-2-Build378. After the upgrade none of our wildcard FQDN rules are resolving/working. They worked perfectly fine prior. This is causing quite a bit of issues for user authentication…

I am currently migrating the SG firewall configuration to XGS. After completing the configuration migration, it appears that the XGS firewall cannot query FQDNs properly. The same FQDN can be queried for two IPs in the SG firewall, but only one can be…

I would like to route my WhatsApp traffic through various gateways. I have established an SD-WAN rule, which currently works only with IP addresses. However, as the IP addresses keep changing over CDN, I prefer to use Fully Qualified Domain Names (FQDN…

I'm migrating to an XGS136 (SFOS 19.5.1 MR-1-Build278). The old firewall published LDAPS on 2 DCs to a specific WAN server that needs to do LDAPS lookups for AD integration. The destination device was set to an FQDN object corresponding to the internal…

Hi all, here is my environment: HQ-------- FW XG AD | DNS SERVER Wbeserver: app.domain.corp BO: (Workgroup)--------- FW XGS: DNS|DHCP|GW There's Site To site IPSec config between HQ and BO . I need to configure "conditionnal forwarder…

Hey guys, following problem: We use a Sophos XGS 3300. Internal Webserver is in DMZ Zone 10.10.10.0. It has an FQDN which will be resolved to an external IP on external DNS servers and to its internal IP on internal DNS servers. From LAN and SSLVPN…

After upgrading one XGS and XG from 18.5 MR3 to MR4 we have issues with our Sophos Central managed APX Accesspoints showing as offline in Central after between 30 and 60 minutes after the upgrade of the Firewall. See: https://community.sophos.com/sophos…

Hi folks, I have a number of sites that use IPv6 addresses,, but the XG does not recognise IPv6 FQDNs, so wondering what the timetable is for including this basic feature? Ian

Sophos officially recommends to not use wildcard FQDN hosts (e.g. *.microsoft.com) even if they come out of the box with XG firewall setup. The XG backend processing for FQDN IP’s used for IPset is not reliable. Therefore, it is quite possible that…

Hello together, I am trying to allow traffic to specific websites using firewall rules with FQDN-Hosts as Destination. Unfortunately this is not alwas working as expected: I try to reach github assets under https://github-production-release-asset…

Hi guys, i am not quite sure if I am studpid and overseeing something obvious or if my sophos is behaving strange. I am using Sophos XG in Microsoft Azure and have set Sophos XG as DNS Server for all systems. Traffic from all Systems to Sophos…

Hello, In a Project I am using Sophos XG (Virtual Appliance in Azure) to achieve the following: In our (new) Azure network environment we neither want nor can use a proxy. Still we do not want to allow all traffic to 80/ 443 TCP. Therefore we need…

Hello to who might concern the following. The issue : build in windows 10 mail client not synchronizing when HTTPS Scan And Decrypt is active ( certificates are installed on the endpoints ). And Google Music Manager ( windows 10 ) not connecting to…

Since Netflix is blocking my connection over IPv6 using a HE tunnel, I tried to block access to Netflix over IPv6 in the firewall so Netflix only uses IPv4. This works fine when I block access to the IP-address of Netflix, but since this also blocks a…

Sorry this is a bit long. Trying to convey all the troubleshooting I did. I've been using XG for a few weeks now and everything is reasonably fine tuned to support my usage. Whenever I run into a site blocked by my rules, I create an FQDN host definition…