• Sophos 115 REV2 with XG Home license and PPoE DS-Lite?

    Robert Schaller
    Robert Schaller
    My setup is as follows: I have a 1&1 VDSL250 connection with DS-Lite. At the entry point, I want to install a modem directly (ZTE H186), which also establishes a link to the provider. On the Sophos firewall, I enter the PPPoE login credentials. According…
    • Answered
    • 7 days ago
    • Sophos Firewall
    • Discussions
  • Sip from one internal zone to another

    Michael Pousen
    Michael Pousen
    We have our telephones in their own network zone - the Phone. I would like to have have a few mobile devices in a different zone with a sip client be able to access the pbx. Created a rule to allow udp 5060, what our pbx is setup to use for sip, and yet…
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • Guidance on Traffic Shaping and QoS Configuration in Sophos Firewall Home Edition

    Kramnai
    Kramnai
    Hello As I am gradually migrating from MikroTik to Sophos Firewall Home Edition at home due to its more advanced security features, I have some clarifications regarding traffic shaping. Current Setup: I am using a Multi-WAN configuration where…
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • cannot ping from sophos device

    Charlie Dodd
    Charlie Dodd
    Hi I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (eg ping using an IP in my networks) I logged into the console of the Sophos device and got…
    • 14 days ago
    • Sophos Firewall
    • Discussions
  • DMZ Configuration

    Geoffrey Njoga
    Geoffrey Njoga
    Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • xg firewall rule for nvr

    SATPAL BHATIA
    SATPAL BHATIA
    Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • Unable to access captive portal using Lets Encrypt certificate

    Tyler VanDorn
    Tyler VanDorn
    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
    • Answered
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • v21 Let's Encrypt Cert creation and renewal fails, whan NAT Rule for HTTP/HTTPS exists

    PCPCH
    PCPCH
    On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall v21.0 GA - Kyber TLS (Edge/Chrome) connection reset error for transparent TLS decryption

    AIFS IT Support
    AIFS IT Support
    We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Classification query

    rfcat_vk
    rfcat_vk
    Hi folks, a question for those who can provide guidance and maybe even answer. The daily report shows various classifications for NTP type traffic. 1/. 2/. 3/. I was reviewing the hairpin NAT configurations and found there were some items…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Bandwidth Limit

    Jabir V
    Jabir V
    how to allocate bandwidth limit to specific IP or IP class?
    • Answered
    • 27 days ago
    • Sophos Firewall
    • Discussions
  • 2 WAN-Links (use primary one, and only if failover the second) - Problem with DNAT on failover Interface

    nils50122
    nils50122
    Hello, we have an question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive. As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…
    • 29 days ago
    • Sophos Firewall
    • Discussions
  • How to import an external ip list into an ip host group via API

    support_einsal
    support_einsal
    Hello community, We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • a small question about understanding network statistics (CLI)

    Thomas op het Veld
    Thomas op het Veld
    on a sophos firewall (e.g. xgs136) I can view the interface statistics via the CLI. (command: show network interfaces) At the output I notice that there are many dropped packets at RX state (receive).(LAN Interface) Port1 Zonetype:LAN MAC Address…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Invalid Traffic / Invalid TCP state (no routing issue)

    Gerhard Sauer
    Gerhard Sauer
    Hello, I have a problem with mainly HTTPS connections showing up in the log as Invalid Traffic / Invalid TCP state. See screenshots below. example domain is https://telekom.de I have 2 Internet connections with separate NAT and SD-WAN routes. Routing…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Open port 123 for Ubiquiti NTP access

    MCBLC
    MCBLC
    Hi all, I have a XG135 firewall and several RED devices, I also have several devices from Ubiquiti (UNVR and CloudKeys) and they are causing problems. Ubiquiti support keeps telling me that I need to allow access on UDP port 123 which they use for NTP…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS4300 - WAN Interface not pinging

    Stephen BabuJohnson
    Stephen BabuJohnson
    Dear all, I am facing a problem that my WAN Port always showing RED and i could not ping the WAN Gateway. At the same time, the same line with the same Static ip address is working in my laptop / nearby desktop without any problem. Kindly let…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPv6 Country Block WAN to LAN strangeness

    Casual_User
    Casual_User
    Hello, Since the XG Firewall does not have countries for IPv6, I have created my own countries based on published IPv6 address ranges which can be found here https://www.ipdeny.com/ I created a LAN to WAN rule to block access to a country and a WAN…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Alias Interface not showing up, SFOS 21

    dmuller
    dmuller
    Hi all, I created a new alias interface but missed on digit, so the address doesn´t belong to a existing interface configuration. Now I cant delete that alias because its not showing up in gui. Is there a way do get rid of that alias via console?
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • External Partners Accessing DMZ

    Reem Jalal Eddine
    Reem Jalal Eddine
    Hello, Need your recommendations, we want to implement a SFTP server to exchange data from and to one of external partners. I am planning to add the server to DMZ group and just restrict FTP protocol to it. Create a NAT rule also i want to force the…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Ring topology using Sophos Firewall

    Mayuresh Bhagwat
    Mayuresh Bhagwat
    I have a customer who has 4 Sophos Switches and 1 Sophos Firewall. He intends to connect them in a ring with Firewall as a Gateway. So here is the planned setup: Sophos XGS Firewall as Gateway with 2 interfaces as bridge mode: Port 1 Bridge Mode on…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Allow external IP range and ports

    Bradley
    Bradley
    Hi all, We are having a few problems with our VOIP phones. I believe it may be to the firewall, but I not 100% sure. I need to allow an IP address range and some ports. I have created a firewall rule, but I cannot see that any traffic being logged…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS: DNAT Through Routed VPN

    FMXio
    FMXio
    Hello everyone, I am attempting to redirect all requests made to 192.168.10.5 to 172.16.10.5. The VPN is working properly on both sides. Sophos XGS: DNAT Through Routed VPN Details: #VPN Working 100% LOCAL-LAN: 192.168.10.0/24 (Sophos) REMOTE…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Multiple Email Addresses for local users on XGS firewall

    Luis Prunn
    Luis Prunn
    Hello community, I am currently working on a SG to XGS migration for one of our customers. The customer had a bunch of local firewall users. Many users have alias email addresses configured on the SG firewall. Unfortunately, I am not sure how…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • v21 XG Home VPN Hardware acceleration

    MikeyS
    MikeyS
    Good evening, Back testing XG Home, does v21 support hardware acceleration for IPsec and SSL VPN tunnels? I have XG Home installed on a XG230 R2 at mo, I have a XG135 R3 that has pfsense + on it atm, so pending successful testing, planning on dropping…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
>