Hello, everyone. I created a DNAT rule. I receive the communication on the local interface at the SFW's IP address on the LAN and translate it to another destination that is remote on the VPN. I force a SNAT with the SFW's IP address that is assigned…

Hello everybody! Right now I have the situation where I want to have multiple public Servers behind a sophos virtual firewall. For the Sophos i have a seperate public IP. I have a public IP Subnet for the servers that is routed via the public IP of…

Hi there, we have a /64 subnet (with gateway) and a /56 assigned by the ISP. No PD in place. I've assigned an address from the /64 subnet together with the gateway to the WAN interface, which is now reachable via IPv6. I'd like to assign IPv6 Addresses…

Hello, I'm not an expert (for the moment) on Sophos. For a customer that has an XG Firewall, he asked to configure a SSL VPN connection. As I already done this some years ago on a privous Sophos Router, it should be possible ;-) But the LAN/WAN…

Hello Team, I've successfully configured the Sophos XGS in my security account and routed internal traffic via the Sophos LAN ENI instead of using a NAT gateway, which is functioning well. Now, I have another workload VPC in a separate account that…

1. We have a 2 XGS connected via a private ISP fiber and the interfaces are LAN / GIG. 2. For resiliency we have a IPsec Tunnel interface between the same, using a disparate ISPs at each location VPN/GIG. We have been using OSPF for all of our routing…

Hello Sophos, today we received the information, that FRR has new CVEs: CVE-2024-31948 CVE-2024-31949 CVE-2024-31950 CVE-2024-31951 All versions <= 9.1 are affected, including version 8.4.2 on the Sophos firewalls. When will the update be provided…

Hi, Two locations are connected with MPLS. Both locations have Sophos devices. In both locations, the servers and PCs behind sophos can ping each other and access each other. However, when we ping or trace the same ip addresses in the diagnostics…

Hi Team, I have created a network on layer 3 with a point to point connection from port 3 of my network to the layer 3, which ideally hold my internal network VLANS & devices. on port 3 i have the one IP, and on the switch i have another ip (point…

Hi, I have been trying to implement SMTP routing for inbound and outbound SMTP traffic over a GRE tunnel. I have another thread about this but I am having some trouble with the source of inbound SMTP traffic, becoming the destination? (screenshot below…

Hi We are pulling our hair out slightly trying to get a SD-WAN deployment to play ball and have so far spent over 10 hours on the phone to support so far without them being able to explain why this traffic is doing what it is. The scenario is a 9…

Hello, I have a problem. I want to allow the internet to go to all branch offices through the XG firewall at the head office. The other branch office has a Sophos firewall, Currently, I have centralized internet connectivity at the HO as well…

Hi, We have an issue that I need to resolve and I am unsure of how to get this to work. Scenario: 2 schools need to connect their networks via a backbone provided by Virgin. The backbone provided has a Cisco firewall at each end. School 1 has an…

Hello, How can i configure a routing for this scenario? I tried some configurations but i´m not having any success. Trying to configure sophos and wireless apx to work in different networks. I´m connecting via wireless to APX320 and getting…

My other other end BGP peer advertises a lot of network, including my side local network. I want my end device to exclude one network from learning (like 192.168.2.0/24). Are there any BGP commands for this.

Hi, maybe a dumb question but what does the command really do? Maybe it is because of my special setup with the BO firewall tunneling all traffic to the HO firewall. But as far as I understood the - very well hidden - comparison whenever I want to do…

Ok this is tricky to describe: Sophos XG firewall at 192.168.1.251 - Has static route to 192.168.3.X network via 192.168.1.253 router Server A at 192.168.1.17 - Has default route of 192.168.1.251, Has no static routes defined Sophos UTM firewall…

I have a BGP peer that is exposing the following communities for a route: COMMAND--> show ip bgp 172.16.247.0 64521 64515 133937 10.5.255.150 from 10.5.255.150 (192.168.254.10) Origin incomplete, metric 33, localpref 100, valid, external Community: 67…

I have a scenario where i need to publish only some part of the whole RIP information on a particular Interface.How can i achieve that? Right now all the routing data is sent on all the interfaces.

Hello, My company has an MPLS that is managed by the service provider, and all traffic going to the Internet from the MPLS sites comes first to my Sophos cluster which is in our main site. This was implemented a few months ago and was working fine until…

Hi Guys, One of our customers uses a 3CX system and has a separate MPLS connection for it. They bypassed the link to 3cx and accessed their 3cx server through the internet. Now they are requesting us to configure router traffic using the MPLS link…

Hello, I only have one public IP address, but I have several domains, such as ui.mw.com, uat.mw.com, and demo.mw.com Similarly, I currently use port forwarding to visit various domains, such as uat.mw.com:7443 and demo.mw.com:6443. It's doing well, however…

Good Day, Hope anyone can assist me? I have an issue with my VLAN setup on our Sophos XG230. I am using two different ports on the firewall to separate the main LAN from the VLAN and want to route the traffic via the firewall. Switch already been configured…

Ok so I'm in a bit of an interesting issue and I'm not sure whats going on. Recently we had a power outage that was long enough to draw out the UPS and shut down the network stack ungracefully. Up until then I was able to route between VLANs and even…

I have a VLAN setup for our IP phones, the phones are able to get an IP but for whatever reason their traffic is not being routed correctly. I have one phone routing fine, but the other is not routing through the correct port. 10.10.52.0/24 is the network…