Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…

Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.

Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…

On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…

We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…

Hi folks, a question for those who can provide guidance and maybe even answer. The daily report shows various classifications for NTP type traffic. 1/. 2/. 3/. I was reviewing the hairpin NAT configurations and found there were some items…

how to allocate bandwidth limit to specific IP or IP class?

Hello, we have an question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive. As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…

Hello community, We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…

on a sophos firewall (e.g. xgs136) I can view the interface statistics via the CLI. (command: show network interfaces) At the output I notice that there are many dropped packets at RX state (receive).(LAN Interface) Port1 Zonetype:LAN MAC Address…

Hello, I have a problem with mainly HTTPS connections showing up in the log as Invalid Traffic / Invalid TCP state. See screenshots below. example domain is https://telekom.de I have 2 Internet connections with separate NAT and SD-WAN routes. Routing…

Hi all, I have a XG135 firewall and several RED devices, I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTP…

Dear all, I am facing a problem that my WAN Port always showing RED and i could not ping the WAN Gateway. At the same time, the same line with the same Static ip address is working in my laptop / nearby desktop without any problem. Kindly let…

Hello, Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/ I created a LAN to WAN rule to block access to a country and a WAN…

Hi all, I created a new alias interface but missed on digit, so the address doesn´t belong to a existing interface configuration. Now I cant delete that alias because its not showing up in gui. Is there a way do get rid of that alias via console?

Hello, Need your recommendations, we want to implement a SFTP server to exchange data from and to one of external partners. I am planning to add the server to DMZ group and just restrict FTP protocol to it. Create a NAT rule also i want to force the…

I have a customer who has 4 Sophos Switches and 1 Sophos Firewall. He intends to connect them in a ring with Firewall as a Gateway. So here is the planned setup: Sophos XGS Firewall as Gateway with 2 interfaces as bridge mode: Port 1 Bridge Mode on…

Hi all, We are having a few problems with our VOIP phones. I believe it may be to the firewall, but I not 100% sure. I need to allow an IP address range and some ports. I have created a firewall rule, but I cannot see that any traffic being logged…

Hello everyone, I am attempting to redirect all requests made to 192.168.10.5 to 172.16.10.5. The VPN is working properly on both sides. Sophos XGS: DNAT Through Routed VPN Details: #VPN Working 100% LOCAL-LAN: 192.168.10.0/24 (Sophos) REMOTE…

Hello community, I am currently working on a SG to XGS migration for one of our customers. The customer had a bunch of local firewall users. Many users have alias email addresses configured on the SG firewall. Unfortunately, I am not sure how…

Good evening, Back testing XG Home, does v21 support hardware acceleration for IPsec and SSL VPN tunnels? I have XG Home installed on a XG230 R2 at mo, I have a XG135 R3 that has pfsense + on it atm, so pending successful testing, planning on dropping…

Hi. I've been battling this for days and finally decided to post it here and seek help. I've pfSense as the main router and Sophos XG is in bridge mode (for application filtering purposes). There's 1x VLAN involved. The DHCP works fine for the main…

I'm experiencing with the API and Postman. We use a wildcard-certificate and I wants to update all WAF-Rules at once. Becuase the GUI-way ist very hard (every time set the certificate, all domains will be dropped and the domain from the certificate only…

Hi! I recently got a XGS 108 for home use, however, I am little lost on how to set-up my network now. Currently, I have an ISP modem acting as a bridge, then an ASUS router in a mesh wifi with an access point. The ASUS router is handling DHCP management…

Certificate request fails with secondary validation time out. I can see in the web server protection log viewer that the well known url is being requested with the unique value. I also briefly see that the temporary waf rule is created. Only thing to…