Setup
Sophos XG 330:
LAN Port 9 10.0.0.248/24
LAN Port 9.8 10.0.8.248/24
FIREWALL RULE: LAN any - LAN any ALLOW
Port 9 plugged in Switch port 24
Layer3 Switch:
VLAN 0 10.0.0.1/24
VLAN 8 10.0.8.1/24
Port 24 Trunk ALLOW ALL VLAN
Port 1 VLAN=0
Port 2 VLAN…
Hello,
I have a problem and I hope you can help me:
1) I have a zone called >RED, with my REDs in branch offices (IP network: 192.168.41.1/24)
2) I have some destinations which are connected with IP-Sec connections (IP network: 172.30.200.0/24…
Hello, I apologize if this is a rookie question.
I have 2 XG 430s in HA mode behind a Cisco 3900 router. ISP>Cisco>XG>Users
My question is can we use the Firewall(s) for routing and eliminate the Cisco router? I believe it's only doing layer 3 routing…
I've tried to follow rfcat_vk's excellent documentation of the current state of IPv6 in SFOS. And I've been feeling like I'm missing out that my ISP doesn't offer IPv6 (they've said "coming soon" for a year now, maybe more). But the more I look into it…
Hi everyone! New with Networking.
Is it possible to connect another router with a different ISP to my existing architecture? Please refer to the diagram below.
The purpose of the "to be implemented architecture" is to allocate all the bandwidth…
So, still in the middle of migrating from UTM9 to XG and experiencing growing pains. Totally retooling my network and I am having trouble understanding a problem that I have run up against. I have a managed switch that I have my wireless VLANs on (ports…
Hi All, newbie in Networking. Currently, we have this network setup
We are planning to get an additional ISP exclusive for one of our departments. Is it possible to connect another modem (ISP) to our router and which configurations should I do to…
I have deployed an Active-Passive XG Firewall setup in AWS following the proper guide and have full routing and sorted out the health check on the load balancer for incoming services. One issue I am having is the incoming traffic is being NAT'd to the…
Every time I create a new VLAN, I cannot receive a valid IP.
Here's an example:
Here's the configuration for my newly created DHCP for VLAN 130
Sophos Router is connected to our Core…
I've done a fair bit of searching and reading on this forum and cannot find answers to the behavior I'm seeing. Here's the overview followed by my questions.
I have an XG Firewall deployed in Azure. Setup is pretty much spot on the documentation for…
Hi everyone,
Maybe I'm doing something wrong but I can not have all my offices browse each other on MPLS connection...
First of all each office has a connection, managed externally by one ISP, with its own router and each is part of a big MPLS. On…
Hello community,
Until now we had several "old" VLANs which are routed over the core switch. Any traffic between the VLANs and the corresponding subnets is allowed. No ACLs, no packet filtering.
Now we created new VLANs with new subnets and tried to…
Hi all,
I have a HQ site and a branch site.
There's a policy-based IPsec site2site connection established between the sites.
Branch site has an SSLVPN (OpenVPN 10.81.255.0/24) server running and is used as default gateway.
Branch site also has an internal…
Hello everyone,
Sorry for being a noob here. I have the following network map layout:
I use a dual-WAN bandwidth aggregation configuration rather than a failover one for most of the interfaces. However, I look forward to:
Assign my TrueNAS server…
We have the following scenario:
Sophos XG135 (SFOS 18.5.2 MR-2-Build380)
Port 1 gateway to fibre internet
Port 2 Gateway to VDSL
Port 3 Gateway to LTE
Port 4 LAN Clients
Port 5 LAN Server
Port 6 DMZ
The XG connects multiple IPSEC tunnels via Port…
Am I missing something here?
I've installed Debian 3cx and Gateway is Sophos XG (static IP and gateway set on network)... however even without Sophos running I can still get normal access to 3CX just fine, which proves despite setting static IP and…
Hello
I have two Sophos connected together. Sophos1 - switch - Sophos2
I have multiple VLANs between them. All VLANs have their own subnet.
The physical interface also has its own subnet.
I can't ping between VLAN interfaces. Whatever I use. But physical interface…
Hi,
I'm attempting to get WAN failover working across sites using OSPF (default information originate). The issue is with getting the local default route disabled in case the local Internet connection drops. Can you please let me know what is the correct…
Hi community,
for reasons of simplification let's assume that our XG450 (SFOS 18.5.2 MR-2-Build380) has 4 ports configured:
Port 1 - Zone WAN - IP 1.1.1.2/24 Gateway is 1.1.1.1 Additional Alias: 1.1.1.3/32
Port 2 - Zone DMZ1 - IP 2.2.2.1/24 used…
Hi Everybody. I am running SFOS 18.5.2 MR-2-Build380 on an Intel iCore 5 based PC as "Sophos XG Firewall" in connexion with an ASUS Router operating as Access Point and my ISP operator TV Box which is connected to Asus Router. As the "Sophos Firewall…
Hi all,
we have recently replaced a customer's firewall with two XGS 126 in active/passive cluster. During the implementation we experienced some issues we wanted to discuss here to find a solution, if possible. I already did some research in the Sophos…
Hi,
I have a Sophos XG330 and two BGP links configured in LAN Zone. Both links are active and working.
I would like to configure failover/failback and set primary and secondary link.
Does SD WAN Policy Routes help to achieve this?
I have tried…
I have two Sophos XG Firewalls (SFOS 18.5.1 MR-1-Build326)
Both are managed by Sophos Central and I used the platform to create an SD-WAN between the two offices.
I am trying to get the Branch Office XG to access the AD at Head Office in order…
Hi all,
We recently switched from a UTM software install to a pair of XG3100s running in HA active/passive.
Since the switch over we have had an issue with clients at our branch offices communicating with servers and devices on our LAN.
Network…