  • docusign TLS decryption error - HTTP parsing error encountered

    LHerzog
    Using TLS decryption and vendor Docusign suddenly causes issues with our XG firewall on 19.5.3. Happens also on other browsers and OS. Here Safari in MacOS. It works using classic proxy as described here: https://support.sophos.com/support…
    • 12 months ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS Decryption rule errors

    Akilae
    Hello everyone, Since v20 I need to disable / enable a SSL/TLS Decryption rule nearly every to every 2 days. It stops processing traffic and on a client device it "feels" like the internet is down. This instantly recovers after disabling / enabling…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • TLS/SSL Server Supports The Use of Static Key Ciphers

    Dhaval User
    Hello Everyone, Do you know how to disable TLS/SSL Server Supports The Use of Static Key Ciphers and commonly used Diffie-Hellman primes : on port 4443 on Sophos Firewall?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • .tar files for TLS exclusions for Office365 updates not available

    ADJ
    I need to add the TLS exclusions for allowing Office365 updates through because the Web Protection module is blocking them - I can update my Office365 apps fine without the protection as this has been tested successfully. My firewall is XGS87 running…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Site being decrypted with TLS decryption set to OFF

    staticfactory
    Dealing with a strange issue where the FW appears to be trying to decrypt a site even though the setting is OFF. Is there another policy that would be impacting this (or producing this sort of error)?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • DPI Engine / SSL Traffic not being decrypted

    seroal
    Hi Team, I configured a DPI Rule, that should decrypt SSL/TLS Traffic, but it actually doesn't, despite Policytest says, it does. Even if AV Scanning is active, the firewall does not block access to https://secure.eicar.org/eicar.com.txt . If…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS inspection | bridge mode | multiple local subnets | SSL connections time out

    Nicolai
    Dear community, I think we are suffering the same problem mark57165 described in his post 'IPS Service - with no FW rules - Prevents Certain Sites from Loading'. https://community.sophos.com/sophos-xg-firewall/f/discussions/134535/ips-service---with…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • HTTPS Decryption Stopped Working - 19.5.2

    ptho
    Hi Sophos Community, We've had it reported to us by those that use the monitoring software that https decryption has stopped working. We aren't exactly sure when it stopped working, but it appeared to have done some time after moving to 19.5. Though…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • 500 error when Importing TLS certs using the API

    Elliana Perry
    I am investigating importing our TLS certificates using the SFOS API but running into an error that I am struggling to understand. The request XML: <?xml version="1.0" encoding="UTF-8"?> <Request APIVersion="1905.1"> <!-- API Authentication…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • DNS over TLS / HTTPS with TLS Inspection

    Markus Flüß
    Hello everyone, today the first occurrences of DNS over TLS showed up in one of our customer's logs. We have TLS Inspection rolled out at the company and are asking ourselves if the TLS Inspection also inspects DNS over TLS traffic and DNS over HTTPS…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SMTP SSL/TLS on Port 465/587 Local_ACL Violation?

    Quallensaft
    Is the firewall (MTA mode) not accepting SMTP with SSL/TLS also on port 465/587? My Epson printer is not able to connect on 465/587 with the firewall: /log/smtpd_main.log -> nothing in log /log/smtpd_reject.log -> nothing in log ACL violation? Source…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • problem after installation SFOS 19.5.2 MR-2-Build624

    miki1980
    Hi, after our installation of the firmware SFOS 19.5.2 MR-2-Build624 we have problems with sites with the following error: Dropped due to TLS engine error: messageid="19006" log_type="Content Filtering" log_component="SSL" log_subtype="Error" severity…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • MS Teams meeting drop 2-3 s : Protocol switch from TLS to SSL

    Saksit Sapphasan
    Hi All XG330 (SFOS 19.5.2 MR-2-Build624) I have the problem of connectivity lost, in MS Teams while meeting as picture below. According to analyse packet between incoming and outgoing when we use MS Team, I found that in the time of connectivity…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Logging: TLS Inspection log subtype = is not allowed - is showing only allowed traffic

    LHerzog
    I do not understand why this happens. I noticed it when I was in firewall log and build a filter like this: It does what it should do: If I then switch the log to TLS Inspection, it shows me only allowed traffic. I know that this filter "allowed…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS decryption with RDP

    Denis Christov
    Hi all, I was playing with SSL/TLS decryption and it breaks RDP connections with error "The Local Security Authority cannot be contacted". The only exception that works is if I make the exception for the address I am connecting to, which is extremely…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • A little annoying bug in group management

    rfcat_vk
    Hi, when you attempt to delete a group and it is in a firewall rule you are shown a message advising that the group exists in firewall rules or policies. If the group is in a SSL/TLS rule you are shown a message cannot be deleted, which is not very…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos blocking portion of Instagram

    Hey Help Desk Guy
    Hey all, I've noticed that at home - a portion of IG won't load when connected to the Sophos VPN. I've checked the firewall logs and don't see anything blocked from IG. Any ideas of how/what I can do to get this allowed again?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SSL Inspection KEY_TYPE__UNKNOWN

    Thomas_XG
    Hi, an application tried to decrypt a SSL/TLS connection but was getting an error "unknown ca(48)" : messageid="19018" log_type="Content Filtering" log_component="SSL" log_subtype="Error" severity="Information" user="<changed>" src_ip="<changed>"…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Is there any way to perform web filtering for Guest WIFI network ? for BYOD devices?

    Emina Brkanic
    Hi We have XG firewall on our locations. Is there any way to perform web filtering and SSL inspection without certificate warning for https web sites on mobile devices? Guest users don't have certificates installed and can access every site. Re…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos FW XG SSL/TLS Decrypt - game Diablo 2 not connecting to server

    Stanislav Bonev
    Hello everyone. I have Sophos XG in my home. I created all the rules and activated all protections IPS, ATP, SSL/TLS Decrypt etc. In local TLS exclusion list I added Battle-net, Blizzard and other games I play. When SSL/TLS decrypt is on Diablo 2…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Logging not showing traffic for a certain rules or traffic type

    MakoRantz
    We are having something happen on our Firewall which we are implementing and can't quite get our head around it. We have traffic coming from some clients. HTTPS specifically. We have a rule which allows HTTPS traffic from the clients IP to the WAN with…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS inspection - Dropped due to TLS engine error: OUT_OF_MEMORY[201]

    Steppenwolf
    Hello, I have problems with a few clients to access some pages. In the browser appears a SSL_PROTOCOL_ERROR. In the log viewer in the module SSL/TLS inspection appears the error "Dropped due to TLS engine error: OUT_OF_MEMORY[201]". For some the error…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Can't print with IPPS.

    core_memory
    I can't print when Mac and Printer are connected through XG Firewall's bridge. Mac - XG br0 - Printer I can print by disabling SSL/TLS engine. Or I can print by disabling IPv6. IPPS (Internet Printing Protocol over TLS) is used for printing. When…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • HTTPS decryption: Some users cannot browse site: Certificate expired yesterday

    LHerzog
    We're having a strange situation again after it happened last week already on our SFOS 19.0.1 XG430: Some users browse to a website that has no exceptions on our firewall for decryption. The browser (firefox or chrome) show an error that the site…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • "Blocked due to using client certificate" error in SSL/TLS Inspection Log and how to bypass

    Brian1941
    I have an application, Parallels Access, that as part of its login process connects to different Parallels websites. I am getting the error "Blocked due to using client certificate" that then fails the connection, and I can't log in to the Parallels server…
    • over 1 year ago
    • Sophos Firewall
    • Discussions