Hi I am using Sophos XG115 as the firewall and i do have a layer 3 switch (Unifi 8 port POE 60W switch) which leverages VLANS created & tagged at XG115. Users in different VLANs want to connect to devices (e.g. Network Printer and Network Attached…

Hi, I am sure this is something that is really easy to fix but I seem to be having some issues with the IPsec (Remote Access) setup. I have followed a detailed setup guide and while I can connect OK, once connected I cannot seem to ping anything on…

Hi, So i have the following Problem: On Site A i have a XG v18 with 2 WAN Interfaces, a client network (192.168.166.0/24) and a VoiP Network (192.168.168.0/24). WAN-1 is the default WAN and with SD-WAN routing all traffic coming from the VoiP Network…

This is hopefully a simple question... how does one undo the Asymmetric Routing commands as illustrated here: Avoid Asymmetric Routing in Cyberoam (sophos.com) Yeah, the article is for Cyberoam but applies to XG as well. Thanks in advance!

Hi all, I'm writing after a v17 to v18 migration, I have read and watched Sophos videos and I'm starting to get an idea of the main changes in the traffic management rules BUT, I wanted to be sure that I'm not missing something in the "concept" and…

Hello, I've got a strange problem to get a connection between a VPN IPSEC Client to a single device (IP-Camera) that is connected to the LAN. The XG-Firewall is running the DHCP- and DNS-Server. What I've noticed is that the camera lacks a "client…

I am working to setup a firewall and facing strange issue. The configuration is as follows: Firewall and Other Servers are hosted in subnet: 172.16.100.x Clients are hosted in various subnets like 192.168.x.x, 10.10.10.x Top Firewall rule is to…

HI I am trying to ping from Sophos LAN router block of 192.168.11.0/24 to 172.16.1.0/24 to 172.16.1.253 machine of the servers in AWS Ec2 instance. IPSEC is showing up, but Tunnel on AWS side is showing down. Sophos firewall sits behind the ISP router…

Hi, Following configuration: Port1 192.168.0.251/24 Port1.200 192.168.0.9/24 Testing the traffic: In my opinion, the traceroute should use 192.168.0.251 as first hop. But it uses the 192.168.0.253 witch is the MPLS router. We can't reach…

Hallo Community, ich habe eine Frage zu einem Szenario was ich gerne aufbauen würde und wollte wissen ob und wie ich das am besten umsetzen könnte. Der Server1 (10.132.0.17) soll den Server2 (10.30.0.3) erreichen und dafür bitte die Route über 10…

Hi. Many thanks for reading this, I am hoping someone may be able to throw some light on what I am trying to achive. I am new to the Sophos XG platform but I assume what I am trying to do is possible. Here is my scenario. Two companies in the same…

I am trying to access the web management interface to my ESXi physical host. I think something like a rule needs to be setup so that I can access it. It has a static IP address of 192.168.1.115 My firewall has an internal IP address of 192.168.1…

Hey Guys, really starting to get frustrated with our new network configuration and cant see the problem. We are in the middle of migrating two branches together and built in a sophos xg 210 in the smaller branch. We have a WAN Link from our ISP and…

Hello. I have 2 sites with 2 ISP each other: Site 1 (ISP A, ISP B), Site 2 (ISP X, ISP Y). So I think to config 4 tunnels like we did with Site-to-Site IPsec VPN: Tunnel A-X, Tunnel A-Y, Tunnel B-X, Tunnel B-Y. Site 1 publish this networks (192…

Dear Team, We configured rules for destination zone to source zone and vice versa for both vlans. But doesn't worked. The same configuration was working with 17.0.5

I have 2 firewalls. Firewall A is a XG and Firewall B is an SG A ---- B IPSEC Tunnel On A x.x.x.x/24 can ping on B x.x.x.x/24 and vice versa However on the A side if you browse to the webpage of that device such as a esxi host or synology…

Hi folks. Im a learning Technician in Sophos XG and i need help with this request. Acctually we have a Sophos XG FW 18.0.1 and we have a software provider where we access a particular software in one server. The service provider has allowed the traffic…

Hello all, We are in a migration process to a new LAN installed, on our building, moving from a Ubiquiti Unifi Network, to a FULL HPE Aruba Network. For now we would like the old equipments, to contact the new equipments on the NEW LAN, before we…

Hi to all Sophos Experts! I would like to share my experience with my SOPHOS XG86 Firewall. I tried to create a new firewall policy after updating the firmware to v18. I did some test and I encountered a weird issue with routing wherein when I selected…

We notice a strange routing decision of the XG to networks not routed by the XG itself. This traffic is forwarded to an IP address I cannot find any routes to. Also the XG does not even have an IP address in the network range of that IP address. If…

Dear, I'm evalutaing Sophos XG Home in Bridge mode. This is on a virtual appliance. I have experience with Pfsense, Palo Alto, Fortinet and Untangle firewalls. My home network has a pair of Cisco ISR G2 (3925E) routers in HSRP, each connected…

Can someone please help me! I have been having issues lately with my Sophos XG 330 rev.2 Firewall. First off I have had a complete system crash where I had to completely re-install firmware (the system reboots to "fail safe mode") Next I keep randomly…

We have 3 lines Line A: - has a fixed public Ip - is needed for authentication with MS services (Exchange365 and others). Certain requests to MS have to be initiated over this fixed Ip - is part of a VPN - has the lowest bandwidth Line B and C - have…

Im using XG Xtream SFOS 18.0.4 MR-4.I've successfully configured site-to-site IPsec tunnel. Im able to ping other no issue. Now i want to know how i can route specific websites over the tunnel to other point. Like facebook, Google and Instagram traffic…

Hi, I am running IP-sec s2s vpn between branch(Sophos- CR25ING, XG v17.5 ) to HQ (Palo Alto-5220), vpn established and working fine. for better security and filter, we need all traffic should be routed through HQ, how can we achieve this? I have…