There is an option to set the gateway to be activated manually. Is the process just to login to the firewall and change it from backup to active or is there something that becomes apparent when there is a gateway failure? I checked this documentation…

Customer is installing a new ISP connection but will have the old one for a while as they have WAF to an internal server, and DNS pointing to current ISP PIP. Left Port2 configured as it was. WAN zone, with static IP info. Configured Port3 to be the new…

Hello, Please some help understanding the following scenario: VLAN ID - 400 VLAN ID - 410 On the network with vlan ID 400 I can use the ip gateway from VLAN ID 410 and it works! Rules are applied correctly (from VLAN ID 400). This happens in all the…

Hello, I'm kinda new to networking and I'm currently working on a network lab to enhance my understanding of firewall concepts. My setup consists of the following: Virtual Machines: Kali Linux VM (IP: 192. 168. 10. 128) Windows VM (IP: 192. 168…

Hello, Today I found a case that I've intermittently found in the past, but I decide to bring it up in the forum and try to find a permanent solution. I connected to a public WiFi network with an iPad. The network provided the following through…

Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network…

Hi there, Need your help and expertise. We have an HA here with Sophos XGS2300 (SFOS 19.5.3 MR-3-Build652). The following problem occurs in particular with Webex Audio / Video. From external to internal and vice versa, the audio and video channel is established…

Hello, I need your kind assistance regarding a new Sophos XGS116 that I am using. Can you please tell me how to set the keep alive interval of a wan interface? It is set to ping at 8.8.8.8 but I do not know the interval of pings, how often they are. …

Hello, We just added a secondary ISP and I set it up as a new WAN interface. A laptop plugged into it gets an IP address and can get out to the internet, so I know it is working. I configured WAN failover (active-backup) and initially didn't modify…

Two on-premises servers are presented. Now is it possible to configure load balancing from Sophos Next-gen firewall? If possible then what kinds of requirements are needed?

Hello guys, my client is migrating from ISP to another. As you can see in the picture, this is gonna be the new topology. Is it possible to configure this way? I want to join Port2 and Port3 as a LAG interface; Port4 and Port5 as another LAG interface…

Hi, I observe a strange behavior regarding UDP Reply Packets on multiple WAN interfaces. Since we have configured a SIP hunting group with our telephone provider, the provider sends option pings on the 3 existing WAN interfaces. 3 DNAT rules are set…

Hi, I am new to sophos firewall world. Yesterday, I discovered that my firewall is still accessible using the default ip address that was assigned for initial configuration. I have discovered that Port 1 has this IP but there is no ethernet plugged…

In many customer-projects we need to change the interface <-> hardware-port associaton within network-projects. I'm aware that you can use XML export/import to do this, but there still the risk to forget about some dependencies and failing manual config…

Hi all, I need some help with redoing my firewall setup. It was done a while ago and I’ve made some mistakes that I’d like to correct but want to minimise the amount of work. Here’s what I have : my firewall is a 6 ports firewall. 2 have been…

There are some errors in the predefined "Internet IPv4..." hosts. This list is the clearly wrong ones imho. Internet IPv4 (129-169) should be "(128-169)" Internet IPv4 (191-191.1) seems completely mislabeled, and likely incorrectly defined altogether…

I've been looking at a strange issue on my devices regarding IPv6 addressing (at least an issue I think is strange). I am not using SLAAC. I have a Sophos XG acting as a DHCPv6 server issuing a private IPv6 prefix, let's call it AAAA:AAAA:AAAA:AAAA:.…

Need some help getting our Sophos XG 136 (LAB) Firewall working with IPv6. ABCDC01: Role = Windows Server 2019 Domain Controller IPv6 = fc00:2222:3333:4444:cccc:dddd:eeee:10/64 IPv4 = Not Enabled Gateway = fc00:2222:3333:4444:cccc:dddd:eeee:ffff…

Hi All... Customer has XG135 (SFOS 19.5.3 MR-3-Build652), Sophos is the main DHCP server for the network, for the last few months we have been battling with a strange issue. Sophos LAN IP is 172.16.0.10 Internal Microsoft DNS server 172.16.0.1.…

Hello! We are planing micro segmentation of our server farm and thus will need a bunch of vlans in the range of 200-300, but there seems to be a limit on how many vlans can be added to a physical interface according to this kb: https://support.sophos…

We have been asking for the DHCP option for TFTP boot options to be fixed and the reply was It is planned to be fixed in the upcoming v20.0.1 MR-1 Can you please post the schedule for the net coming maintenance to be ready for release?

Hello, I have been trying and failing to get SNMP monitoring working for my Sophos XG firewall using PRTG. I have done the following to try and get this working: Enabled the SNMP agent in the firewall config Added the SNMP manager address and…

Is there any way to use SNMP to monitor traffic flow through an IPsec tunnel? I'm successfully capturing port traffic with SNMP but would also like to capture the traffic between our two sites via an IPsec tunnel.

Hello, Can someone help me with my Datto RMM Monitor for Sophos? The policies have been installed way back, but when we replaced the firewall from one of our sites, the Datto Sophos Monitoring is now offline. I am new to both Datto and Sophos community…

Hi all, I have a huge problem with simple ping to NAS VLAN from any other VLAN. I tried almost everything and it just doesn't work. My infrastructure: Sophos firewall with NAS VLAN 2, no DHCP, Synology has fixed IP X.X.2.100 on port 2 with gateway…