Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network…

Hi there, Need your help and expertise. We have an HA here with Sophos XGS2300 (SFOS 19.5.3 MR-3-Build652). The following problem occurs in particular with Webex Audio / Video. From external to internal and vice versa, the audio and video channel is established…

Hello, I need your kind assistance regarding a new Sophos XGS116 that I am using. Can you please tell me how to set the keep alive interval of a wan interface? It is set to ping at 8.8.8.8 but I do not know the interval of pings, how often they are. …

Hello, We just added a secondary ISP and I set it up as a new WAN interface. A laptop plugged into it gets an IP address and can get out to the internet, so I know it is working. I configured WAN failover (active-backup) and initially didn't modify…

Two on-premises servers are presented. Now is it possible to configure load balancing from Sophos Next-gen firewall? If possible then what kinds of requirements are needed?

Hello guys, my client is migrating from ISP to another. As you can see in the picture, this is gonna be the new topology. Is it possible to configure this way? I want to join Port2 and Port3 as a LAG interface; Port4 and Port5 as another LAG interface…

Hi, I observe a strange behavior regarding UDP Reply Packets on multiple WAN interfaces. Since we have configured a SIP hunting group with our telephone provider, the provider sends option pings on the 3 existing WAN interfaces. 3 DNAT rules are set…

Hi, I am new to sophos firewall world. Yesterday, I discovered that my firewall is still accessible using the default ip address that was assigned for initial configuration. I have discovered that Port 1 has this IP but there is no ethernet plugged…

In many customer-projects we need to change the interface <-> hardware-port associaton within network-projects. I'm aware that you can use XML export/import to do this, but there still the risk to forget about some dependencies and failing manual config…

Hi all, I need some help with redoing my firewall setup. It was done a while ago and I’ve made some mistakes that I’d like to correct but want to minimise the amount of work. Here’s what I have : my firewall is a 6 ports firewall. 2 have been…

There are some errors in the predefined "Internet IPv4..." hosts. This list is the clearly wrong ones imho. Internet IPv4 (129-169) should be "(128-169)" Internet IPv4 (191-191.1) seems completely mislabeled, and likely incorrectly defined altogether…

I've been looking at a strange issue on my devices regarding IPv6 addressing (at least an issue I think is strange). I am not using SLAAC. I have a Sophos XG acting as a DHCPv6 server issuing a private IPv6 prefix, let's call it AAAA:AAAA:AAAA:AAAA:.…

Need some help getting our Sophos XG 136 (LAB) Firewall working with IPv6. ABCDC01: Role = Windows Server 2019 Domain Controller IPv6 = fc00:2222:3333:4444:cccc:dddd:eeee:10/64 IPv4 = Not Enabled Gateway = fc00:2222:3333:4444:cccc:dddd:eeee:ffff…

Hi All... Customer has XG135 (SFOS 19.5.3 MR-3-Build652), Sophos is the main DHCP server for the network, for the last few months we have been battling with a strange issue. Sophos LAN IP is 172.16.0.10 Internal Microsoft DNS server 172.16.0.1.…

Hello! We are planing micro segmentation of our server farm and thus will need a bunch of vlans in the range of 200-300, but there seems to be a limit on how many vlans can be added to a physical interface according to this kb: https://support.sophos…

We have been asking for the DHCP option for TFTP boot options to be fixed and the reply was It is planned to be fixed in the upcoming v20.0.1 MR-1 Can you please post the schedule for the net coming maintenance to be ready for release?

Hello, I have been trying and failing to get SNMP monitoring working for my Sophos XG firewall using PRTG. I have done the following to try and get this working: Enabled the SNMP agent in the firewall config Added the SNMP manager address and…

Is there any way to use SNMP to monitor traffic flow through an IPsec tunnel? I'm successfully capturing port traffic with SNMP but would also like to capture the traffic between our two sites via an IPsec tunnel.

Hello, Can someone help me with my Datto RMM Monitor for Sophos? The policies have been installed way back, but when we replaced the firewall from one of our sites, the Datto Sophos Monitoring is now offline. I am new to both Datto and Sophos community…

Hi all, I have a huge problem with simple ping to NAS VLAN from any other VLAN. I tried almost everything and it just doesn't work. My infrastructure: Sophos firewall with NAS VLAN 2, no DHCP, Synology has fixed IP X.X.2.100 on port 2 with gateway…

We have been allocated an IPv6 /48 from our ISP. I plan on using Global/Public IPv6 addresses for my clients utilizing /64 networks from that /48. Kinda one of the main goals for IPv6 to not have to NAT behind a public address. I am able to successfully…

Hi everyone, I can confirm that (to me :-) there seems to be a bug if you have more than one WAN interface with PPPoE: The " Schedule time for reconnect" under "Network" -> "Interface" -> WAN-Port will not be respected though it will show correctly…

Good evening everyone, a customer of mine has currently patched an XGS firewall (SFOS 20.0.0 GA-Build222). The customer had a vulnerability scan with a result of 1 Medium CVSS. Namely: DNS Server Recursive Query Cache Poisoning Weakness www.tenable…

Hello, We are doing inventory work and we want to know the MACs of the interfaces of our 2 Sophos firewall but I don't see any information online Someone can help me out? Thanks and regards

Hello, Using the Sophos API (v20) ( https://docs.sophos.com/nsg/sophos-firewall/20.0/API/index.html ), authentication works whether it's a local account or an Active Directory account. However, when creating a VLAN through the API, an error occurs…