• SSL VPN Route Issues to VPN Clients Firmware 20.0.2 MR2, and Version 21

    Cameron Savage1
    This problem is occurring on Sophos Firmware 20.0.2 MR-2-Build378 as well as SFOS 21.0.0 GA-Build169. The problem also occurs on an XG with a firmware of 20.0.2 MR-2. Route Precedence has been set the following ways: static vpn sdwan | vpn static sdwan…
    • 3 days ago
    • Sophos Firewall
    • Discussions
  • SFOS 21 Third-party threat feed limits

    mierwins
    What's the limiting factor on the third party threat feeds? I currently have 617,819 total IOCs in a v21 system running on a VM (software) and when trying to load another list here: https://raw.githubusercontent.com/hagezi/dns-blocklists/main/domains/tif…
    • 5 days ago
    • Sophos Firewall
    • Discussions
  • Workaround for Sony Playstation behind XGS? Could not associate packet to any connection.

    LHerzog
    An XGS 136 v20.0.2 has a Playstation on the LAN zone. The LAN zone has unlimited Internet Access but IPS is active and DPI is monitoring outgoing connections but is not decrypting anything. This playstation was first run today and it started with…
    • 7 days ago
    • Sophos Firewall
    • Discussions
  • Sip from one internal zone to another

    Michael Pousen
    We have our telephones in their own network zone - the Phone. I would like to have a few mobile devices in a different zone with a SIP client be able to access the PBX. Created a rule to allow UDP 5060, what our PBX is set up to use for SIP, and yet…
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • How can I prevent OSPF from distributing WAN subnet

    Bill Roland
    Hi all, I have an XG firewall (v21) that I would like to use OSPF to distribute a couple of routes to my main network which is also using OSPF. I configured it and it is passing routes but it is also passing the subnet for the WAN interface, which I…
    • Answered
    • 13 days ago
    • Sophos Firewall
    • Discussions
  • cannot ping from sophos device

    Charlie Dodd
    Hi I am using SFOS 21.0.0 GA-Build169 and noticed that when I use the ping diagnostic tool in the Sophos interface it doesn't work when I select an interface (eg ping using an IP in my networks) I logged into the console of the Sophos device and got…
    • 14 days ago
    • Sophos Firewall
    • Discussions
  • BLOCK VPN ON WEB AND MOBILE

    Mohamed Arbaaz
    Hi, I have a firewall with firewall rules to block social restriction both on web and mobile, but the challenge is that users who have downloaded a VPN on their phone are able to bypass the policies and have full access
    • 15 days ago
    • Sophos Firewall
    • Discussions
  • DHCP lost to all devices except one vlan

    Reem Jalal Eddine
    Hi, I previously posted a question on how to migrate trunk VLANs from one port to another new port for LAG configuration. Once I did the transfer we lost connection with DHCP; all clients cannot get an IP address, but once they get a static IP the communication…
    • 17 days ago
    • Sophos Firewall
    • Discussions
  • IPS problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow"

    Charlie Dodd
    Hi All, hope you can help. I've recently been getting a lot of alerts with this as can be seen in the image below. Searching with some of the IP addresses on GreyNoise, it shows it as commonly seen and it is nothing to worry about. I have seen that…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • OneDrive Application Signatures don't work as expected

    Sariyer Belediyesi
    "OneDrive File Download" and "OneDrive File Upload" Application Signatures are not working as expected on Sophos XGS 6500(SFOS 19.5.4 MR-4-Build718). I need to separate the OneDrive web application rules into "Download" and "Upload". However, it does…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • DMZ Configuration

    Geoffrey Njoga
    Hello Team. I recently deployed a sophos xgs 3300 firewall. I am very green in regards to the firewall but I have managed to set it up and get the LAN and remote sites to access the network services. The challenge I am facing is making my public servers…
    • 20 days ago
    • Sophos Firewall
    • Discussions
  • xg firewall rule for nvr

    SATPAL BHATIA
    Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • Unable to access captive portal using Lets Encrypt certificate

    Tyler VanDorn
    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
    • Answered
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • v21 Let's Encrypt Cert creation and renewal fails when NAT Rule for HTTP/HTTPS exists

    PCPCH
    On one of our XGS firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renew a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renew the certificate. But this can't be the…
    • 21 days ago
    • Sophos Firewall
    • Discussions
  • SSL Medium Strength Cipher Suites Supported CBC mode Enabled

    Akash
    How can I disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption?
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection C2/Generic-A

    Edward Raja
    Hi, we are facing this issue. Any solution for this?
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • SFOS v21 - Windows DomainController connection to Clients behind RED recognized as Freegate Proxy

    Peter Riederer
    Hey everyone, today I noticed our Windows DCs want to communicate with Windows Clients behind a RED Device, where SFOS is recognizing it as a Freegate Proxy Application and blocks it Src IP = Win DC Dst IP = Win Client behind RED Seems to be…
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall v21.0 GA - Kyber TLS (Edge/Chrome) connection reset error for transparent TLS decryption

    AIFS IT Support
    We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receiving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Classification query

    rfcat_vk
    Hi folks, a question for those who can provide guidance and maybe even answer. The daily report shows various classifications for NTP type traffic. 1/. 2/. 3/. I was reviewing the hairpin NAT configurations and found there were some items…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • clientless sftp

    Reem Jalal Eddine
    I have configured a clientless SFTP policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another RDP policy…
    • 26 days ago
    • Sophos Firewall
    • Discussions
  • Whatsapp images and documents

    Mohamed Arbaaz
    Hi, I have an issue whereby users cannot send images or documents on the WhatsApp mobile app. We have policy rules for social restriction but WhatsApp is allowed but seems not to be working
    • Answered
    • 25 days ago
    • Sophos Firewall
    • Discussions
  • Bandwidth Limit

    Jabir V
    How to allocate bandwidth limit to specific IP or IP class?
    • Answered
    • 27 days ago
    • Sophos Firewall
    • Discussions
  • SDWAN and Loopback NAT

    Bart van der Horst
    Hi, I've got the following case on a customer site: Internal webserver on LAN, needs to be accessed from same or different internal LAN on the external IP, normally I use a loopback NAT rule and this works. Since a few weeks we had to switch to…
    • Answered
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • 2 WAN-Links (use primary one, and only if failover the second) - Problem with DNAT on failover Interface

    nils50122
    Hello, we have a question because in the past we have problems with DNAT when configuring our two WAN-links as active/passive. As a workaround we configured the two interfaces as active/active, but now the problem is the second link (which is limited…
    • 29 days ago
    • Sophos Firewall
    • Discussions
  • How to import an external ip list into an ip host group via API

    support_einsal
    Hello community, We want to fetch a list of IP addresses from a webserver and (dynamically) import them into a host group on our firewall (Sophos XGS3100 Vers. SFOS 20.0.2 MR-2-Build378 ). Our plan is to use the API along with a Python script that downloads…
    • 1 month ago
    • Sophos Firewall
    • Discussions