Hi, When downloading this: http:// plan.getsmartday.com (Needs to be done from Edge) The installer starts but get's cancelled during the download. I have tested on 3 sites all with Sophos Firewall 18.5.1, 18.5.2 and 19.0.0, all the same, disabled…

Hi, until last week i've used only the web proxy funcionality. Now i've configured the SSL/TLS Inspection and have a strange behavior. The Veeam Backup and Replication Server (Backup03 - in Backup-LAN) can backup the ESX-Server in LAN. But the Veeam…

Hi All I am facing a strange error whereby there are no logs in the SSL/TLS inspection even though it SSL inspection is enabled and sophos is MiM the tls traffic. SSL Traffic is sucesfully decrypted on the end client using a custom CA. Logging in enabled…

I would not expect this on a Sophos machine: 2021-11-25 16:32:12SSL/TLS inspectionmessageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="me" src_ip="xxxxxxxx" dst_ip="23.36.239.66" user_group="xxxxxx…

Hello all, first of all our config: XG210 HA (SFOS 18.5.1 MR-1 build326). We currently have the following problem: Web Proxy off, DPI on: good performance, no noticeable limitations except for one application. The application is called WRIKE and is…

Hi to all, I'm pretty new with Sophos XG Firewall. I have a networked printer via LAN that needs to communicate with the outside to send status reports to the control panel via SSL. Is there a way to allow this on the firewall? My idea is to create a…

This is bad? Why can't my xgs decrypt all traffic?

I have a XG running 18.5.1 MR1. This XG has 2 physical interface bridged together with multiple VLANs. Each of these connections go to a managed switch via said Bridged(Trunk) connections. I have a Server in VLAN 5 that is connect to one switch…

Firewall (Sophos XG Home) SFVH (SFOS 18.5.1 MR-1-Build326) I cannot get HBOmax app to launch on any of my Roku devices. Roku TV, Roku Ultra, Roku stick. I am able to launch the HBOmax app on my android tv (although I've had other odd issues on it, ie…

Hi community I have a web policy that blocks particular urls of which youtube is a part. The concern that I cannot properly block the youtube.com site on my network when I use the DPI filtering mode. The site is inaccessible but the notification returned…

Hello everybody. Is the following statement true for XGS series products? SonicWall DPI-SSL scans all SSL/TLS traffic to decrypt, inspect, detect and mitigate hidden cyber attacks. Sophos has Proxy-based SSL decryption only on port 443.

Hello, I have noticed something I didn't expect and wonder if I misunderstood something or my firewall is "misbehaving". To decrypt HTTPS traffic I have to enable "Scan HTTP and decrypted HTTPS"... ... and need a TLS Inspection rule that decrypts…

hello, if we are using the dpi engine instead of the web proxy and in a firewall rule we have set a web policy to block gambling for example and someone hits a gambling site if using the dpi engine will they they be redirected to the custom block…

How should I interpret these errors in the context of SSL-Inspection?

Hi folks, I read the document with interest and noticed there was no mention of HTTP/2 support in the XG/XGS decryption profile. What is the Sophos way forward with this protocol to improve the security scanning on the XG/XGS? Ian

Hello, I found this discussion : https://community.sophos.com/sophos-xg-firewall/f/discussions/129553/ssl-inspection-microsoft-stream-server-did-not-respond-to-client-hello but this does not give answer for question what message "Server did not respond…

Hi, facebook site is broken when TLS scan is enabled. The weird thing is, its only in firefox, edge works fine. Do you have a hint for me?

Hello Community, I have a problem with Microsoft Stream if SSL Inspection in enabled. Some streams won't start. If I look into the SSL Log, I see the error message " Server did not respond to client hello " for host streameuwe1su051.azureedge.net. I…

In XGS series, SSL/TLS inspection throughput has increased significantly compared to XG series. I guess the inspection is processed not by NPU (Xstream processor) but by CPU and I'm interested in how it was possible to achieve such a significant performance…

Until recently we were using a self-signed certificate for SMTP email connections on our mail server. Yesterday we changed to a Letsencrypt certificate and started getting delivery failures to some but not all recipients. When we looked at our mail…

Hello, Our office has a XG330 - SFOS 18.0.5 MR-5-Build586. For the past few weeks, both on our WiFi and wired connections we are seeing high percentages of Packet loss (frequently over 50%) on receiving video/audio/screen shares. When I look at the…

Hello I'm wondering how Sophos XG validates the certificate chain (web surfing ssl inspection). We use web policies with "block invalid certificates" on a new installed sophos XG for a customer. Normally, we don't see a lot of blocked websites due to…

Hello Community, I have a problem with WebEx and SSL Inspection. I build a SSL Inspection Exception for "webex.com" and in the SSL Inspection Log I see the traffic to webex.com and the Subdomain as "Do not decrypt". If SSL Inspection enabled the User…

Hello Community, I have an interesting problem with an HP Pro 477dw printer and sending email via Office 365. When SSL Inspection is turned on on the firewall, it takes about 5 minutes for mail to be sent via smtp.office365.com (port 587 SSL/TLS). SSL…

Hi, I try to get anydesk running with TLS Inspection. I´ve read this post: https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning I created a IP List with all the anydesk Servers…