We recently replaced all our xg230 with xgs 2300 firewalls. Geovision Video server is on a dmz with port forward rule and NAT rule. Remote playback and viewlog you can't connect to them. Live view works fine. Other sites no issues. Firewalls are setup…

Hi All Ive spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…

Hello everybody, I would have a question to the firewall rules and DSCP marking under "Other security features"... My Sophos instance is running in bridge mode in front of my router's WAN interface (with only one public IP). I apply the function " Scan…

Added a new firewall rule. It does not show in the Rules and Policies. I thought maybe I didn't click 'Save'. So I went back in to add a new rule. This time when I try to add the rule, it says 'Rule already exists.' Ummm, okay. Where is it?

I would like to block access to and from certain countries with the MTA enabled. This was really simple on the UTM, but seems much more complicated in Sophos Firewall. I have created a black hole NAT rule as suggested in the documentation, but can’t work…

I had our Sophos XG87 configured by our reseller when we bought it, since I knew nothing about how to do it properly. I've learned a lot and have changed quite a few things, but want to make a foundational change that will require destroying several things…

Hello, I'm new to Sophos, and am deploying my first firewall to a very basic client, and just want to check what I have configured is a reasonable balance between security and functionality? I am just looking for opinions and whether I have missed anything…

Hii Community, I configured a firewall rule for VPN to LAN connection and another for LAN to WAN connection, attaching a NAT rule with MASQ for internet access. Despite this, I could establish a VPN connection with the Sophos Connect client but couldn…

Good morning, I currently have a server in an on-premise datacenter that responds to TCP port 12233. So there is a very normal DNAT on the XGS firewall of the public ip 80.80.80.80:12233 towards the private server ip 192.168.1.10:12233 This service is…

hello , i'll try a simple port forwarding when i setup this like below , it works when i change the source port to 7887 then it dont forward. why o why ?

Hello. I wonder if Sophos Firewall could be set up to have each VLAN having different WAN gateways ? For example, VLAN 1 will go to WAN 1 and VLAN 2 will go to WAN 2, so that there will virtually be two networks. Originally, I was thinking to set…

Hi, I have been given an iptables command and I would like to create the same rule on my XG. Could anyone confirm if I have "translated" the rule correctly, please? iptables -t nat -I PREROUTING -s 10.100.20.19 -d www.riscocloud.com -p tcp --dport…

Hello everyone! I have 2 SOPHOS firewalls in two different buildings, connected by Long Range Aerials (point to point). FIREWALL 1 is configured like this: LAN 192.168.122.X (Aerial 1 is part of this DHCP pool) WAN public IPs (static) then…

Hi, I am wanting to block the IOT network (xxx.xxx.5.xx/24) from pinging the default gateway of other networks so created a firewall rule to do so however when testing, devices in the IOT network are still able to ping the default gateway of other networks…

Hi! I am a proud owner of XGS 107 and pretty happy with it. I am running a homelab with a few vlans, really nothing special. But there is something, that is bothering me: I am also using Barracuda Firewalls where i work, and there i really like the…

After installing Sophos XGS2300, our client stopped viewing his Dahua CCTV remotely on his smartphone, the NVR is online in the AP but CCTV footage is not I dstreaming. I did all the necessary port foward and ports are open RTSP: 554 TCP: 37777 HTTP…

Hi guys, We have been deploying a firewall policy for a few months now and have noticed that there are a few customer firewalls that are unable to deploy the configuration. They all appear to be getting a similar error to the one pictured below. Can…

Hi community, I'm trying to connect two different Subnets. This is the environment: Subnet A 192.168.1.0 /24 Gateway: 192.168.1.1 Port 4: Company with DHCP address 192.168.1.55 Device: FritzBox Subnet B 10.0.100.0 /24 Gateway 10.0.100.1 Port…

Hello guys Fiber Interlink Network 1 should be able to communicate to network 2 through the fiber link Please assist in configuring

Hi everyone, Firstly let me explain the setup i have for my home network Have WAN plugged into a mini PC which runs Sophos XG. On Interface 4 of Mini PC i have plugged in ubiquiti AP from which other devices get wifi connection ( mobile phone , laptop…

Hi, I read this forum discussion (10 months ago) and it was said that this will be a new feature request. Has it available right now ? xg / xgs - allow ip from specific asn number only Thanks.

Can anyone please tell me (A) How to block all QUIC traffic in and out ,and (B) will that then give me better log reports of url's visited ?. Thanks

I am completely stumped by this. I am sure its something obvious that I am overlooking. Lan Port 1 - 192.168.1.254/24 MGMT port 5 - 172.16.0.254/24 I already had a rule saying mgmt subnet source 172.16.0.0 could access lan subnet destination 192…

What did I do wrong?

Hi I have a linux server in the DMZ, and I want to manually patch it from time to time. so I want to open access only during patches then close access to WAN. what are all the rules to put in place. well I'm going to choose the scheduled time tab.