Hi all, So exported a custom report web surfing report and it contains a lot of information. Is there a way to see just the sites the person visited rather than all other erroneous traffic like certs, etc?

Im trying to figure out why traffic is being dropped between Lan and VPN. I have the firewall rule made to allow traffic. Traffic is passing fine except for traffic on 1 port. It is not showing in the Log but it i did drop-packet-capture this pops up…

Hello everyone, I've configured one of our Sophos devices with some rules and policies . The problem is with the amount of Logs it generates per second! There are too many Information level logs about WAF and other types of log components. So it…

Hi, I have rule 5. It's a DNAT from the WAN IP 188.175.113.182 in to the network to the VoIP server. If I look in the LOG, I see the following: The first line does correspond to rule 5, but what do the other lines mean? They are also marked…

Hi Sophos community, Is there a way to see device reports by device name? In other Firewalls I had this option but it doesn't seem to be an available feature thru Sophos.

Hi all, we want to upload the Sophos XG Logfiles to Microsoft 365 Defender (Cloud App Security). In general the Logfiles are received by Microsoft but in the wrong format. On the Sophos XG we selected "Standard Syslog protocol" and on Microsoft site…

I'd like to export an entire report to PDF from Sophos Firewall but it won't let me. For example, this report is 14 pages but I can only seem to export 200 records max.

Is it possible to filter more than one port in the log viewer? I am trying to find some specific traffic and i want to exclude both 443 and 123 but I cant seem to stack the filters. Thanks!

Dear Sir How and where I trace a Local IP address that is consuming my Internet? Thanks Muhammad Alyas Qaisar

(simple ANY rule with a lot of traffic -> should be in LOG)

Hello, Shortly after we updated to XG 19.5.2 we noticed that DHCP renewals were no longer logging in the System logs of the live viewer. There are no "DHCP Server" events shown at all. There have been no config changes since the update and DHCP is still…

I have a xgs 87 and reports were working fine all of a sudden they just stopped - unit showing connected in sophos central. Have removed and re added also to no avail. how do i get reports working again. PS have done the obvious thing and restarted…

Is it normal that in the FW Logs is sometimes a zone entry and sometimes not? The FW should in any case know what zone the paket comes from/to.

Hi all, UTM had a brilliant logging system, but Sophos Firewall do not log many days behind, which is of no use, because we often need to go further back. Sophos Central logging we also find lacking a lot, ex. dropped packets are not logged (But maybe…

I notice many firewall denied firewall logs created by a rule, that is an allow rule only. Even more strange is, that the port 1027 logged is not contained in the rule. Watching the traffic with drppkt shows no blocked packets. Tcpdump shows the…

Hi folks, I am investigating why one of my VoIP phones has failed. I have searched logviewer and its many sub-menus and not able to find any SIP traffic (UDP port 5060) or even using the ATA's IP address. Please advise how I find the SIP traffic?…

I do not understand why this happens. I noticed it when I was in firewall log and build a filter like this: It does what it should do: If I then switch the log to TLS Inspection, it shows me only allowed traffic. I know that this filter "allowed…

Hi, is it somehow possible to convert FirewallRule XML export from XG or XGS to some readable form for example to Excel with all needed items like list of all used source, destination networks etc. We need to convert XML to some sort of table form for…

Hi, I'm having trouble with the WAF, XGS 2300 v19.5.1 I add the webserver web .xxx.xxx - it has policy ID 129 . But if I go to web .xxx.xxx in the log it shows that web.xxx.xxx has policy ID 43 . I get a 503 error But the policy ID 43 is spsluzba.xxx…

I keep hearing about the Central Reporting and how all the detailed logging is available through it, which has plenty of data points and filters. We are subscribed to Xstream Protection, which includes Central Orchestration, which includes 30 days of…

Hi We're receiving notification almost every day that is stating Message: Reports disk Usage reached 91% exceeding the higher watermark of 90% But when I ssh to it, it shows me 86%. I receive multiple emails in a same day. …

Log Viewer > Firewall goes back by 10 days or so. I need to retrieve Firewall logs for a period of 2 weeks starting 20 days ago. I've learned that XG(S) do not store log files for Firewall rules. From other posts I've also learned that I should use…

Hi Sophos, I'd like to generate a view and report on how many users are concurrently connected to the Sophos Appliances in operation so that we can spec for a replacement unit. IS there such a feature available? We are running SFOS 19.5. We…

Hello, are there any options to see the count of the dropped sessions on the WAN interface over a time period? best regards Harald

Running SFOS 19.5.2 MR-2 on an XG310. In the Zero-day protection section of the Control Center, it shows 0 Recent, 274 Incidents, 330 Scanned. When I click on that, it goes to the Zero-day protection logs, and I get two pages containing a total of 38…