We have been allocated an IPv6 /48 from our ISP. I plan on using Global/Public IPv6 addresses for my clients utilizing /64 networks from that /48. Kinda one of the main goals for IPv6 to not have to NAT behind a public address. I am able to successfully…

Hi everyone, I can confirm that (to me :-) there seems to be a bug if you have more than one WAN interface with PPPoE: The " Schedule time for reconnect" under "Network" -> "Interface" -> WAN-Port will not be respected though it will show correctly…

Good evening everyone, a customer of mine has currently patched an XGS firewall (SFOS 20.0.0 GA-Build222). The customer had a vulnerability scan with a result of 1 Medium CVSS. Namely: DNS Server Recursive Query Cache Poisoning Weakness www.tenable…

Hello, We are doing inventory work and we want to know the MACs of the interfaces of our 2 Sophos firewall but I don't see any information online Someone can help me out? Thanks and regards

Hello, Using the Sophos API (v20) ( https://docs.sophos.com/nsg/sophos-firewall/20.0/API/index.html ), authentication works whether it's a local account or an Active Directory account. However, when creating a VLAN through the API, an error occurs…

Hello, I have the following problem. We have two Active Directory Windows DNS servers on the internal LAN. They have entered the Sophos XG Firewall as a DNS server as a forwarding. The Sophos XG Firewall itself queries public DNS servers on the…

hi Community. we have a lte router with a static IPv6 IP-Address on the WAN-Side. I turned on the DHCP for IPv6 as you can see below: and as you see, the xgs gets an ipv6 address: The Sophos Cluster has v20 installed and I can see the cluster…

I'm upgrading my firewall and trying to figure out a simple way to switch my regular LAN from port1 to portF1 after importing the backup. I want to upgrade from the regular 1-gig connection to a faster 10-gig SFP connection. The tricky part is that there…

Hi, There has been several discussions / requests on the forum to have the possibility to configure DHCP client options on the WAN interface as their ISPs'DHCP servers require these options set to provide a lease. (from what I found, ref here or here…

Hi all, sophos XGS3300 with SFPS 19.5. In my internal network I want to decommission an old Windows Domain Controller. That DC still logs multiple DNS requests from the Sophos (Azure Cloud and other requests) per Minute. I removed that DC as Authentication…

Has Sophos figured out a way for firewall admins to see a numerical count of active DHCP leases? OR are we still relegated to paging through and counting the leases?

Hi All, One of our customers requests me to prioritize specific URL traffic to all the users (sample URL - example.example.com/.../ . Does anyone have an idea how to do this task? He has two WAN links and I tried the SD-WAN routes but had no luck…

I have a DHCP server running at head office on 192.168.100.21 which is a Windows Server that has a Sophos as it's gateway The branch office has a Sophos There is an IPSEC tunnel between the two Sophos units The branch office has a DHCP relay pointing…

hi . i want to use the CLI to add VLAN ID to the lan interface . how can i do that ? i tried using the Device concole but i find that i can do that only for bridge interface. Thanks

Hello, I configured my XGS to use traffic shaping for Teams and Zoom (Applications - Traffic Shaping defaults). Do you confirm that I don't need to select also "Apply application-based traffic shaping policy" under the proper firewall traffic rule…

Instead of manually entering DNS IP addresses into the DNS fields, it would be nice if we could use an IP host instead. Say you wanted to use google as your DNS. A user could create an IP host called "Google DNS servers" of the two IP addresses 8.8.8…

Need help Sophos XG Bridge Mode in Multi Vlan Enviroment I am attempting to setup XG in bridge mode on a multi VLAN line between switch infrastructure and the main routing equipment (The trunk from the switches to the router). Based on the documentation…

Good day l have a client with a sophos xg 310, they did a security audit report on their network. and the report came with this queries for DNS server allows cache snooping. l want to Restrict the processing of DNS queries to only systems that should…

I have 2 WAN links from the same provider with the same gateway. Would it be possible to aggregate the connections (bonding) for double the speed?

Hi, I have gone through a fair bit of posts and how-to online, so I decided to post the question here, after 5 days researching this. ---------------------- My setup: Motherboard with 1 built-in 1000mb/s ethernet port, 2x PCI-e cards HP NIC 2 ports…

Hello, When I use Sophos as the DNS server, I sometimes get a timeout for the DNS resolution. I also tried it directly from the XGS CLI. CLI: XGS107_SN01_SFOS 19.5.4 MR-4-Build718# nslookup google.de. 1.1.1.1 Domain Name Server# 1.1.1.1 Domain Name…

Hello Sophos Community, I am currently working on a sophisticated DHCP setup on my Sophos system and need some advice on how to achieve specific configurations. Any guidance or insights from the community would be greatly appreciated. My goal is to…

Good afternoon, Can you tell me where I can find example messages for syslog? Since in the documentation below the table with examples is empty. Or is it necessary to use the legacy option in this case? Any suggestions on where they can be found are welcome…

Hello In Port 1 I set static DHCP for 1 client. If this client tries to connect to port 5 using DHCP (in this case I did not set any static DHCP) the client will not receive any IP. If I remove the static DHCP entry for port 1, client will receive…

Hi, I want some local DNS servers to do DNS over TLS (DoT) and have configured them accordingly. I created a rule allowing TCP 853 for those hosts - both IPv4 and IPv6. Because of IPv6 is assigned via PD I used the client MAC address (on local LAN…