This problem is occurring on Sophos Firmware 20.0.2 MR-2-Build378 as well as SFOS 21.0.0 GA-Build169. The problem also occurs on an XG with a firmware of 20.0.2 MR-2.
Route Precedense has been set the following ways: static vpn sdwan | vpn static sdwan…
What's the limiting factor on the third party threat feeds? I current have 617,819 total IOC's in a v21 system running on a VM (software) and when trying to load another list here: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/tif…
An XGS 136 v20.0.2 has a Playstation on the LAN zone.
The LAN zone has unlimited Internet Access but IPS is active and DPI is monitoring outgoing connections but is not decrypting anything.
This playstation was first run today and it started with…
We have our telephones in their own network zone - the Phone. I would like to have have a few mobile devices in a different zone with a sip client be able to access the pbx. Created a rule to allow udp 5060, what our pbx is setup to use for sip, and yet…
Hi all,
I have an XG firewall (v21) that I would like to use OSPF to distribute a couple of routes to my main network which is also using OSPF. I configured it and it is passing routes but it is also passing the subnet for the WAN interface, which I…
Hi I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (eg ping using an IP in my networks)
I logged into the console of the Sophos device and got…
HI
I have a firewal with firewall rules to block social restriction both on web and mobile but the challenge is that users have dowloaded vpn on there phone are able to bypass the policies and have full access
hi
i previously posted a question on how to migrate trunk vlans from one port to another mew port for lag configuration. Once i did the transfer we lost connection with dhcp all clients cannot get ip address but once they get a static ip the communication…
Hi All, hope you can help.
Ive recently been getting a lot of alerts with this as can be seen in the image below. searching with some of the IP addresses on greynoise it shows it as commonly seen and it is nothing to worry about.
i have seen that…
"OneDrive File Download" and "OneDrive File Upload" Application Signatures are not working as expected on Sophos XGS 6500(SFOS 19.5.4 MR-4-Build718). I need to separate the OneDrive web application rules into "Download" and "Upload". However, it does…
Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert.
We need to disable the NAT rule, then it works to create/renewal the certificate.
But this can't be the…
Hey everyone,
today i noticed our Windows DCs want to communicate with Windows Clients behind a RED Device, where SFOS is recognizing it as a Freegate Proxy Application and blocks it
Src IP = Win DC
Dst IP = Win Client behind RED
Seems to be…
We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
Hi folks,
a question for those who can provide guidance and maybe even answer.
The daily report shows various classifications for NTP type traffic.
1/.
2/.
3/.
I was reviewing the hairpin NAT configurations and found there were some items…
i have configured a clientless sftp policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another rdp policy…
Hi
I have an issue whereby users cannot send images or documents on whatsapp mobile app. We have policy rules for social restriction but whatsapp i alloewd but seems not to be working
Hi,
I've got the following case on a customer site:
Internal webserver on LAN, needs to be accessed from same or different internal LAN on the external IP, normally I use a loopback NAT rule and this works.
Since a few weeks we had to switch to…
Hello,
we have an question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive.
As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…
Hello community,
We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…