Hello,
Im doing some POC to chose the best firewall that have a good NGIPS.
The default IPS profile was not able to block Impacket, psexec or any other Windows RCE.
How can i made the IPS policy more strict for a LAN to LAN policy.
Hello Team,
I hope this message finds you well. I am writing to seek your assistance regarding a configuration issue I am facing with our sophos xgs firewall setup.
We have recently configured traffic flow and firewall rules for inbound and outbound…
In the IPv6 training, a manually configured IPv6 link-local address for the gateway was considered "best practice". fe80::1 would be a good choice... Is it possible to configure this with sophos firewall? ...or why this should not be done?
thx in a…
Added a new firewall rule. It does not show in the Rules and Policies. I thought maybe I didn't click 'Save'.
So I went back in to add a new rule. This time when I try to add the rule, it says 'Rule already exists.'
Ummm, okay. Where is it?
I would like to block access to and from certain countries with the MTA enabled. This was really simple on the UTM, but seems much more complicated in Sophos Firewall. I have created a black hole NAT rule as suggested in the documentation, but can’t work…
Hi,
here is my setup, i have 2 VLAN ( 20 and 30 ) and both have DHCP enabled, and both have similar setting.
VLAN is supposed to be used for Administration purposes and VLAN 30 for production traffic.
VLAN 20 does not have access to Internet…
Hello Everyone,
We encountered an issue with Sophos firewall XG. The issue simply is when we try to open the Banking website to do transactions or online banking, we authenticate normally. However, when we try to access anything in the bank website…
Hello,
I'm new to Sophos, and am deploying my first firewall to a very basic client, and just want to check what I have configured is a reasonable balance between security and functionality? I am just looking for opinions and whether I have missed anything…
Hello Team,
I've successfully configured the Sophos XGS in my security account and routed internal traffic via the Sophos LAN ENI instead of using a NAT gateway, which is functioning well. Now, I have another workload VPC in a separate account that…
What is the best way to block users from using any version of Team viewer and Any desk and what ports have you used if we need to block ports? How to do that on Sophos?
Hello,
I'm reconfiguring my fw (latest OS version), changing the zone and IP of my reverse proxy, from LAN to DMZ.
Externally I'm able to reach my web sites with the RP on LAN, but if I change the zone and internal IP in firewall rule and NAT rules…
I noticed a strange mixing of DHCP settings when having 2 reservations for one client MAC address.
console> system dhcp static-entry-scope show global
I have a VLAN on the XGS lets say VLAN10 Net: 10.1.2.0/24 GW: 10.1.2.1
On that VLAN is a XGS DHCP…
Hii Community,
I configured a firewall rule for VPN to LAN connection and another for LAN to WAN connection, attaching a NAT rule with MASQ for internet access. Despite this, I could establish a VPN connection with the Sophos Connect client but couldn…
Hello,
I have a situation where my ISP installed a router and gave me a subnet ( 10.1.1.0/24 ) with the gateway being the router(10.1.1.1).
My understanding is that I need to configure an internal network (i.e 10.1.2.0/24) on the LAN side of the firewall…
We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-) The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…
Good morning, I currently have a server in an on-premise datacenter that responds to TCP port 12233. So there is a very normal DNAT on the XGS firewall of the public ip 80.80.80.80:12233 towards the private server ip 192.168.1.10:12233 This service is…
Hi,
I am really confused about how to do this on XG. I can go to Traffic Shaping and create my policy and attach it to my rule or service - but then in Traffic Shaping Service there is a setting "Optimize for real-time (VoIP)" that is Enabled by default…
I've got a Site connected with RED60
The RED itself uses a single IP Subnet /31 IP Address and has 4 VLAN with /26 Subnets attached.
In the Mgmt VLAN are Sophos APX Accesspoints connecting to Central.
That setup was running up and fine for years…
We are using BGP as the routing protocol to our ISP who provides us with two indepent WAN links and gateways which we can use as active/active or active/backup as we like.
It seems that any setting in the Routing -> Gateway section of SFOS and the corresponding…
Hi I have XGS4300 (SFOS 19.5.4 MR-4-Build71),DNS change Automatically in Sophos Firewall it can possible or not
can you please guide how to resolve this issue.
Hello All,
I am a newbee to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I do no longer see any attacks.
I have activated…
Hello,
Do you have any recommendations for classifying financial services/banks and bank websites in the Application object?
I need to use SDWAN for this type of service, but generally access to these sites are classified as "Secure Socket Layer…