Currently I have some trouble providing Firewall access to some load balanced CDN services on Akamai Servers, where the corresponding DNS names have short TTLs when using wildcard FQDN like *.docusign.net when the URL accesses will be demo.docusign.net…
Hello all,
I'm used to another known firewall vendor but I decided to give this a try for my home network since the other solution is way too expensive.
My goal is to use a single link between my switch and my Sophos appliance so I do not need lots…
Hi,
Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source.
I'm posting this in endpoint as well.
Thanks…
Hi everyone,
I am using a Huawei 3372 LTE stick on my SG-125 with SFOS for a couple years now. It is configured in DHCP mode as a failover WAN connection when the main connection goes down. Up until now this worked as intended but after upgrading the…
I have a problem regarding my Ruijie AP that is connected to a Sophos firewall XGS2300. I created VLAN 172.16.16.16 for employee users (MAC binding) and VLAN2 17.15.15.16 for guest wifi (DHCP) from 172.15.15.20-100. My problem was when I tried to connect my android…
Hello,
I try @home to migrate from UTM to SFOS. On the good old UTM there was only one LAN interface. This was the gateway for some PCs.
In the network configuration on the UTM, I configured the real-router-gateway as gateway in this one UTM NIC. It…
DHCP requests not routing over IPSEC
This has nothing to do with v21.0. It is possible in v18.0. You just have to run a whole stack of CLI commands because the GUI is inadequate.
A post by a Sophos staff member to a closed thread which no-one…
I have created a new VLAN and DHCP on the XGS, configured the VLAN on UniFi wifi/switches, I am getting an IP; however, I cannot get internet access.
I don't want the vlan to access other vlans however I want computers inside the vlan to communicate with…
Hello. I want to use 1 of the excess LAN ports on the firewall to give out ip address of 192.168.88.x to the pc connected to it. Currently, my firewall gives out ip address in the 192.168.1.x range.
I first selected the port, assigned it to the LAN…
We use a block countries rule to control from where our user can connect to the VPN.
We noticed two new entries in the list this morning: "Europe" and "Europe Continent".
When we take either of them out regardless that Germany is allowed, is Germany…
Hi all,
we moved from LANcom to Sophos XGS SFOS 20.0.2. Fine so far.
We migrated last night. Now it happens more and more that some web clients are unable to reach some URLs.
All clients are able to resolve every DNS name. But when putting that DNS…
Hey Folks,
while deploying one XGS after another we noticed that Client-IPs in reports e.g. aren't resolved into DNS Names like on our SG/UTM Models. We created a DNS request route: 168.192.in-addr.arpa and domain.local pointing to the internal Windows…
Hello everybody,
Hello, I'll explain my case, I have a Sophos XG 106. I have one connected to my LAN pin I virtualized a Windows 11 PC with VMWare Workstation, can I make my virtualized PC benefit from the DHCP that I put on the Lan pin of my Sophos…
Hi,
I added some domain names to IP mapping under DNS request route to resolve DNS queries for those domains. The subnets behind these domains are connected through IPsec and are reachable but except one, all other domains are not getting resolved.…
Hey Dears, I have a Sophos firewall version 19. I want to ask if I can deauthenticate an IP shown in the DHCP leased list to force it to obtain a new IP or disconnect it immediately? Thanks
Hi folks,
a couple of days ago my network was downgraded/upgraded from 1000/50 to 250/100, all very good. The IP4 address is now static assigned by the RSP DHCP servers.
After a number of attempts for over an hour and logging a fault with the RSP, investigation…
I am working on migrating functionality from UTM to SFOS on XGS3300 hardware.
This organization subscribes to this DNS filtering service: https://www.cisecurity.org/ms-isac/services/mdbr
In the UTM, it was easy to bottleneck DNS queries so they are…
I need some help to understand why this firewall's IPv6 gateway is constantly reported as failed.
It's an XGS126 with SFOS 20.0.1
Because of those gateway errors I reconfigured it from being an active gateway to a backup failover gateway only.
I have…
Hello Everyone,
I am having a little configuration issue with my web server on a VLAN. All my VLANs have internet access but I can't seem to access my web server from outside my network. Can anyone post an example firewall rule from Public IP to VLAN…
I am not planning to use Sophos Central, my XG firewall is standalone.
I have a fairly complex security stack setup with a separate IDS/IDS and SOAR type system along with a honeypot outside my firewall protected zones.
I would like to automate whenever…
Hi,
my current network looks like this. This is a double NAT scenario but works quite well.
Now I got a Unifi USG for testing purposes. I'd like to add it between the Sophos XG and the Unifi Switch. The Sophos should keep on managing DHCP, DNS…
Hello,
we got 2 new XGS450-firewalls. Currently the configuration is blank.
The firewall should manage the vlan traffic.
We have 3 branches. They are connected with a cisco mpls-network.
Our internet-firewall in the mpls network:
Should be…
Hi experts, I have an external web site hosted in AWS, and the DNS domain name is registered in my local DNS server (Windows 2019 with AD and DNS). I have configured the DNS options in Sophos XGS as shown below. The website does open for internal…