Hi.
I've been battling this for days and finally decided to post it here and seek help.
I've pfSense as the main router and Sophos XG is in bridge mode (for application filtering purposes). There's 1x VLAN involved. The DHCP works fine for the main…
I'm experiencing with the API and Postman. We use a wildcard-certificate and I want to update all WAF-Rules at once. Because the GUI-way is very hard (every time set the certificate, all domains will be dropped and the domain from the certificate only…
Hi!
I recently got an XGS 108 for home use, however, I am a little lost on how to set up my network now. Currently, I have an ISP modem acting as a bridge, then an ASUS router in a mesh wifi with an access point. The ASUS router is handling DHCP management…
Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to…
Good day
We are having a challenge, we have a firewall XGS 2100, some devices that are connecting with wifi, they receive ip address from DHCP in the firewall, we have a firewall rule for the devices with MAC address, but the devices they are not receiving…
Good afternoon, I have a Sophos firewall that is integrated with a Windows Server Active Directory. Can a domain user be blocked from browsing the Internet through Sophos, but allow the computer they use to download and update the operating system, and…
Hello everyone,
We have an XGS set up with SSL VPN, the VPN Portal, AD integration and MFA for every user. Currently we are facing brute force attacks on the VPN Portal. We tried to prevent those by setting up an ACL rule which is blocking countries…
I have two clients that use the same ISP. One client has an XGS87 and the other XGS116. The ISP does scheduled maintenance at night knocking the firewall offline. My clients will have to power cycle the firewalls to get them to connect in the morning…
Hi all,
Sophos XGS SFOS 20.0.2 MR2.
When I try to check a ping: It only accepts IP Addresses or names without capital letter!
I can resolve blabla.domain.local but not BlaBla.domain.local
"Please enter a vlid IP or hostname".
Is that bug or…
Hi all,
I have several SFOS V20 in place. I can no longer add an ip network: "You must enter a network IP address."
There is not much room for making things wrong and I did this a couple of times before.
No problem to add an ip host but no chance for…
What is everyone's experience with WAN link load balancing in v20? We're a K12 private school with two identical WAN links from different ISPs, Frontier and Comcast. Our goal is to enable WAN link load balancing in an active-active config, weight 1 and…
I am referencing this documentation https://docs.sophos.com/nsg/sophos-firewall/19.5/API/SYSTEM/Host%20and%20Services/IPHost/operations/AddIPHost&EditIPHost.html There's information on how to add or update an existing IP host object. However, I just want…
SNAT with multiple WAN gateways isn't working.
WAN Gateway 1 = Port3 - it's public with /27 worth of aliases
WAN Gateway 2 = Port5 - it's public with /28 worth of aliases
(IP Host) SNAT with Port3 aliases work for all of the rules I've created…
Hello All,
We have a Sophos XGS connected to a metered WAN connection, in order for devices to connect to the internet the user must authenticate to the Sophos captive portal and at which point a weekly data transfer quota is applied. This has been…
Good morning.
I have been looking for information about the use of Traffic Shaping / QoS and applied what is indicated but in my case it is not working for me.
I have 2 offices, each with a Sophos firewall.
The server in office A sends data to the…
Hi, we have a problem with transferring syslog from Sophos firewall to the Arcsight SmartConnector. When we try UDP, logs can be seen in connector. However, with TLS communication fails.
This is only an example, but our handshake also fails at Change…
Hi
Configured one more WAN IP in the Sophos XGS136, link is up but traffic is not moving through new link, checked load balancing, everything is looking fine
Previous link is working fine, however the new link is not working, able to ping 8.8.8…
Hi,
Not a huge problem, but I cannot find logic behind. I have XGS-136 in main office, and from there I monitor with PRTG 2 distant branch offices, which both have XGS-87. Interesting, that both branch offices experience increase in PING latency at…
Hi Sophos Geeks!
I'm having a problem accessing my WEB Application using Public IP in my local network but working if I'm accessing it externally.
I already configured the DNAT policy Source zone in Any Zone but still no luck. Currently my version…
Hi there,
Since some days, we encounter Bruteforce-Attacks against our Mainfirewall (Sophos XGS):
Access from IP address '92.53.xxx.xxx' is blocked for '30' minutes after '5' unsuccessful login attempts
I've tried to block all requests from…
Hi Sophos Community
After a lot of trial and error I'm hoping you can help me finding a solution to my scenario:
In my home setup I have my wan-interface of the sophos in a transit network. My ISP router forwards any traffic to the sophos. Now…
Hello, we also have 2 DVR devices in our network. I can access it via HTTP (Web). I cannot reach the second device. It seems like it is going to log in to the second DVR device, but it doesn't. It gives ERR_CONNECTION_REFUSED error. I tried many things…
Hi everyone, I have some problems with the STAS service. The picture shows the topology:
I have two locations, the HQ with an XG210, and the branch with XGS136. Both are connected through a VPN tunnel. The STAS server is in HQ location. The communication…
For firewall rules that allow access to a sensitive system (host) and where access is usually not required all the time, it would be nice to have a feature to enable them manually when needed but with a timer that disables the rule after 60 minutes or…