Dear tEam, I cannot allow traffic from an external ip and a specific port to my local server. I tried differents things but it doesn't work.

I have been having an issue where my smart tv hangs when apps first start up. It hangs for...several minutes sometimes. Checking my firewall logs, this is the reason, and after the several minute hang, everything works, which makes sense since it's now…

I have an XG330 running 20.0.2. I'm trying to configure BFD+BGP. The BGP portion works great. However, the BFD portion does not. I enabled BFD from the CLI. The following is what my BGP configuration looks like from the CLI: Current configuration: …

.Hello @all! So I have asked in the past a few questions about QoS, but I had a more complicated setup with two WANs and additionally the second was a bonding between an ADSL line and a 4G+ sim card, which was nor really steady regarding the bandwidth…

Hi, what would be the proper way to configure different WAN ALIASES for outbound traffic, for example in this manner: LAN users would use WAN Alias 1 for browsing and accessing web LAN2 users would use WAN Alias 2 FreeWiFi users would use WAN…

Hello, We've seen a message on the Sophos Firewall WEB-UI leading us to this article: "Multiple failed login (brute force) attempts for WAN-facing portals on Sophos Firewall" https://support.sophos.com/support/s/article/KBA-000009932?language=en_US…

Hi, On brand new XGS-136 I have problem, which cannot solve for few days. So I would appreciate any hints. Packets are dropping randomly every minute or so, sometimes even more frequently, in the following direction: From LAN side --> to Sophos…

Hi Folks, I'm moving from UTM to SFOS. Getting it setup with the basics was all fine but something I've been wanting to try for a while was to remove the masq rules as sophos is my back firewall in a back to back config. I ran into an issue though…

Looking at IP Hosts like #Port2 or ##ALL_RW, they are dynamic IP addresses, correct? So if Port2 is my WAN port and the ISP changes my IP (via DHCP), wherever #Port2 is used in any rule will automatically be updated instantly so that the rule still applies…

If you are not registered in Active Directory, you cannot access the internet. How can I do it?

Hello, Over the holiday weekend we upgraded our XG330's from 19.5.4 to 20.0.2 MR-2-Build378. After the upgrade none of our wildcard FQDN rules are resolving/working. They worked perfectly fine prior. This is causing quite a bit of issues for user authentication…

Hallo zusammen, seit Donnerstag bekomme ich ständig die Warnung mit folgender Nachricht: Message: Access from IP address '92.53.65.166' is blocked for '5' minutes after '5' unsuccessful login attempt. Unsere Firewall ist Alert for XGS2100…

On September 4, our Firewall VPN Portal was attacked from IP 92.53.65.166 (Russia) with hundreds of login attempts for different usernames. After bloicking this, today (September 8) we have been hammered by another attack, this time from hundreds of different…

Since today we have been experiencing massive password spraying attacks on many Sophos firewalls, especially on the VPN portal, which listens to port 443. Apparently these are attacks from Russia with the IP 92.53.65.166. How can I create a rule to prevent…

Hello: I have a WAN port (Port 2) that is connected to our ISP with an IP block of 65.170.xxx.xxx/29. We have another block of IP addresses from the same provider at 63.162.xxx.xxx/29. Both come in thru the same ISP router (Cisco 4300). There are 4…

Hi all, can someone provide a hint, how to access a device where all LAN-Interfaces are "tagged" and "LAG"-ports? I've restored a migrated config and now the only untagged port is the WAN-port (can#t ping or access these port) I am able to access…

Hello, i need some help. I have a Branch Office wiht a XG125 and SFOS 20 MR1 up and running. Laptop connects over a APX320 AP and get a WiFi IP Address. Laptop was able to connect through Microsoft Always ON VPN (IKEv2) with UDP 500/4500 find to…

Hi community, While troubleshooting an issue with a webservice on an internal network I found out after a packet capture on both the client and the Sophos Firewall (unable to capture on the webservice device) that the Sophos Firewall captures packets…

Hello Community, I am currently in Poland setting up a second S2S tunnel and I am struggling with the fact that the xfrm interface of the tunnel cannot be found under the interface to which the tunnel is bound. What am I doing wrong? Attached are some…

Hello!! In my home network, I have a mini PC with two ports running Proxmox and a virtualized Sophos Firewall Home Edition. I have purchased a mini PC with four ports to replace the one I currently have. While I wait for it to arrive, I decided to…

Hi all, any hints to configure mobile WAN as backup line? wired WAN is default but when line is down mobile WAN should jump in place. Mobile WAN must be turned on or not? WWAN Interface must be to automatic or manual? Thanks for help …

Good morning. I have a problem in identifying which server makes requests to another when the requests arrive to a loopback to access internal servers when pointing to their public ip's. Example: server with ip 192.168.1.20 resolves DNS that points…

I have a dual WAN setup, for this example, I'll call them A and B. A is my primary WAN, and B is my failover backup WAN. A uses starlink, and B uses a local ISP. I use another app to monitor pings to my ISPs to see if they are up. Unfortunetly…

Hey there, How much of an impact to the internet speed does it make, if I create a new firewall exception? Since the firewall has to go through the entire ruleset, it should slow down every request a little bit. Is there an upper bound of…

have created a new alias port (Port 5:0) on our Sophos XG 210 (SFOS 20.0.2 MR-2-Build378) and created a local host at internal IP of 10.0.0.71). I have also created a firewall rule to allow access to this host from several specified remote hosts that…