• when will IKEv2 come for remote access?

    LHerzog
    LHerzog
    When will SFOS support IKEv2 for Remote Access? I was expecting a technical problem when I tried to enable IPSec RA and it did not allow me to select the default profile. I could not believe, this is not supported on a modern firewall. Vivek Jagad…
    • 22 days ago
    • Sophos Firewall
    • Discussions
  • Can I create VPN site2site tunnel from XGS as client out to OpenVPN server?

    Andrej Pirman
    Andrej Pirman
    Hi, I cannot find instructions on how, if possible at all, create Site2Site VPN tunnel, from Sophos XGS outbount to OpenVPN server. This is for IP phone service, I created one LAN port for local phones, MASQ via WAN interface....and now I nned to create…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • [Feature request] 802.1p support for PPPoE/VLAN interfaces

    Samuel Leal
    Samuel Leal
    Hello, I'm seeing more and more ISPs asking for CPE P-bit setting for their connections. As far as i know, Sophos Firewalls still doesn't support this forcing us to use a bridged router supporting this feature in front of the Sophos FW. Please consider…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • How to download packet capture created from DUI Diagnostic page

    Brennan Kostyniuk
    Brennan Kostyniuk
    Is it possible to download the packet capture created via the GUI?
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Firewalls do not connect backup to the internet after ISP goes down and back up

    Nicholas Pick
    Nicholas Pick
    I have two clients that use the same ISP. One client has an XGS87 and the other XGS116. The ISP does scheduled maintenance at night knocking the firewall offline. My clients will have to power cycle the firewalls to get them to connect in the morning…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPsec Connections using two Uplinks and DDNS

    FICS
    FICS
    Hello Community, here's the situation: Head Office (HO) : two WAN uplink connections, both have static IPs. One connection is 'cost based' and slower (backup WAN) and the other is quicker and has no traffic costs (primary WAN). Weights have been configured…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Feature-request Warning in case of communication failure between Sophos and LDAP

    Patrick81
    Patrick81
    Good morning everyone. Since the function of a company depends on the LDAP query, I would consider it extremely important to receive a warning. If the LDAP query fails. The MTA then no longer checks users if the connection to LDAP is disturbed (it cannot…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Display the real IP in Web Application Firewall (WAF) when using Cloudflare

    Saarbruecken
    Saarbruecken
    Many of us are using Cloudflare or similar services to protected their Extranet / Webmail and other public websites using the Sophos WAF. It's possible to display the real IP addresses on any Linux servers behind the firewall by enabling Pass host header…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Block or report on PPTP centrally

    Stuart James
    Stuart James
    I have 200+ firewalls that have been out there for quite a well and I've found a few which still have PPTP enabled from a different era. Staggering. For some reason, PPTP isn't in Central Partner firewall templates so can't disable there. Can't disable…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS is not compatible with VLAN ID 0 (Null VID) frames as defined in 802.1Q

    Jonathon Bauer
    Jonathon Bauer
    TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Schedule firewall rule - disable it after some time automatically

    LHerzog
    LHerzog
    For firewall rules that allows access to a sensitive system (host) and where access is usually not required all the time, it would be nice to have a feature to enable them manually when needed but with a timer that disables the rule after 60 minutes or…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Notifications or alerts on the Pocket loss and Latency of the WAN link

    Firewall Monitoring
    Firewall Monitoring
    Hi, We have configured the SDWAN profiles for the WAN links and we are observing the pocket loss and latency on the particular link, Is there any way to get the notifications on these profiles over mail or SNMP ?
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Web-Content-Filter over all products? (XGS - EP - DNS Protection)

    Valvaris Sigma
    Valvaris Sigma
    Hello Sophos-Team, is this maybe in the works were we can have a Central - Content Filter Setting - for all Products. Because troubleshooting ATM is kind of meh... if you use all protections at once. Sophos Endpoint-Protection -> Sophos XGS Firewall…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Block inbound emails by email domain extension

    Nuno Mota
    Nuno Mota
    Hi, I would like to block inbound emails by email domain extension in my SOPHOS FIREWALL, for example: .ru .cn Now i'm blocking by the complete domain (*@domain.extension), but i would like to block by domain extension. Thanks Nuno Mo…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Language change for Quarantine Digest Report

    Maximilian Lautz
    Maximilian Lautz
    Good Day, As I only found old posts about this subject, here is the question still at hand: Is changing the language of the Quarantine Digest Report Email a thing yet or not? (Or even better - Writing your own) This has been requested a few…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • configure mobile WAN as backup line

    GernotMeyer
    GernotMeyer
    Hi all, any hints to configure mobile WAN as backup line? wired WAN is default but when line is down mobile WAN should jump in place. Mobile WAN must be turned on or not? WWAN Interface must be to automatic or manual? Thanks for help …
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Scheduled shutdown and start (no power during night)

    Markus Heidemann
    Markus Heidemann
    Hello Team, what would you recommend to handle known power loss on a reoccuring schedule? "Problem" is that this leads to alerts "Firewall has not contacted Sophos Central for the past 5 minutes". (Sophos Central setup) We have a Sophos firewall…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • XG- Firewallrule Visualization like Graph or plantuml possible?

    SenorChang
    SenorChang
    Hi, With growing rulesets on our XG, it t would be nice to have a GUI that visualize the connetions. I didnt see a feature, neither on the GUI nor in central, that can visualize the connected Points with services and source/destinations. Is there a…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • SSL VPN users password need to expire automatically after specific days

    Kiran Jedhe
    Kiran Jedhe
    Hi, Is there any option for ssl vpn user password will expire after specific days. Note:don't suggest AD.
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • DNS Names do not resolve for Clients in Reports - only IPs are shown

    Peter Riederer
    Peter Riederer
    Hey Folks, while deploying one XGS after another we noticed that Client-IPs in reports e.g. aren't resolved into DNS Names like on our SG/UTM Models. We created a DNS request route: 168.192.in-addr.arpa and domain.local pointing to the internal Windows…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Deauthenticate an IP address from DHCP leased

    Ehab Ali
    Ehab Ali
    Hey Dears, I have a Sophos firewall version 19, I want to ask if i can deauthenticate an Ip shown in DHCP leased list to force it to obtain new Ip or disconnect it immediately? Thanks
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • sophos xg125 vpn client with smartcard authentication

    Udo Wack
    Udo Wack
    Dear community, In our company, logging in to the domain will only be possible with a smart card and without entering a password in future. In our case, this is a Yubikey 5. Is there any way to integrate the SSL VPN clients via smartcard? Kind regards…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Maximum limit for authentication server is 20

    Hydro4711
    Hydro4711
    Hello, i reach out to all of you as we are in a really bad situation. We are hosting several customers with active directorys and we just recently started migrating from UTM to XGS. Today we learned, there is a maximum of 20 servers you are allowed…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Integrate synthetic allowlist in a rule without WAF

    Oliver Schnürer
    Oliver Schnürer
    Dear community, As a firewall noob I am wondering how to integrate a dynamically changing list of IPs into an allowlist for a specific firewall rule. As a home user I unfortunately have no access to the "Web protection subscription", only "Base Firewall…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Change SSH default port in Sophos XGS

    Antonio Ferreira1
    Antonio Ferreira1
    Hi Experts. I'm willing to know if It is possible to change SSH default port to other than port 22 (port range available is 1:65535). The reason is to increase security on SSH access. In Sophos UTM Firewall this change is very simple to do (Management…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
>