• Microsoft ClickOnce download fails

    twister5800
    twister5800
    Hi, When downloading this: http:// plan.getsmartday.com (Needs to be done from Edge) The installer starts but get's cancelled during the download. I have tested on 3 sites all with Sophos Firewall 18.5.1, 18.5.2 and 19.0.0, all the same, disabled…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS Inspection is blocking Veeam Backup Agent

    Gotschek
    Gotschek
    Hi, until last week i've used only the web proxy funcionality. Now i've configured the SSL/TLS Inspection and have a strange behavior. The Veeam Backup and Replication Server (Backup03 - in Backup-LAN) can backup the ESX-Server in LAN. But the Veeam…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS inspection

    wingman
    wingman
    Hi All I am facing a strange error whereby there are no logs in the SSL/TLS inspection even though it SSL inspection is enabled and sophos is MiM the tls traffic. SSL Traffic is sucesfully decrypted on the end client using a custom CA. Logging in enabled…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • www.sophos.com - DPI Error: Server did not respond to client hello

    LHerzog
    LHerzog
    I would not expect this on a Sophos machine: 2021-11-25 16:32:12SSL/TLS inspectionmessageid="19017" log_type="SSL" log_component="SSL" log_subtype="Error" severity="Information" user="me" src_ip="xxxxxxxx" dst_ip="23.36.239.66" user_group="xxxxxx…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Web Proxy vs. DPI = partially slow vs. malfunctioning

    rajuhn
    rajuhn
    Hello all, first of all our config: XG210 HA (SFOS 18.5.1 MR-1 build326). We currently have the following problem: Web Proxy off, DPI on: good performance, no noticeable limitations except for one application. The application is called WRIKE and is…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • how to allow a printer to communicate externally via SSL

    Ezio Tirimacco
    Ezio Tirimacco
    Hi to all, I'm pretty new with Sophos XG Firewall. I have a networked printer via LAN that needs to communicate with the outside to send status reports to the control panel via SSL. Is there a way to allow this on the firewall? My idea is to create a…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Why can't my xgs decrypt all traffic?

    Andre Soares
    Andre Soares
    This is bad? Why can't my xgs decrypt all traffic?
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Bridged VLAN - RDP - SSL Engine Issue - Server did not respond to client hello

    CdnWolf
    CdnWolf
    I have a XG running 18.5.1 MR1. This XG has 2 physical interface bridged together with multiple VLANs. Each of these connections go to a managed switch via said Bridged(Trunk) connections. I have a Server in VLAN 5 that is connect to one switch…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • hbomax app blocked

    RICK G
    RICK G
    Firewall (Sophos XG Home) SFVH (SFOS 18.5.1 MR-1-Build326) I cannot get HBOmax app to launch on any of my Roku devices. Roku TV, Roku Ultra, Roku stick. I am able to launch the HBOmax app on my android tv (although I've had other odd issues on it, ie…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Block youtube

    nayah
    nayah
    Hi community I have a web policy that blocks particular urls of which youtube is a part. The concern that I cannot properly block the youtube.com site on my network when I use the DPI filtering mode. The site is inaccessible but the notification returned…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Proxy-based SSL decryption on port 443 only

    Andre Soares
    Andre Soares
    Hello everybody. Is the following statement true for XGS series products? SonicWall DPI-SSL scans all SSL/TLS traffic to decrypt, inspect, detect and mitigate hidden cyber attacks. Sophos has Proxy-based SSL decryption only on port 443.
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • TLS Inspection not on HTTPS

    Kaspar Janßen
    Kaspar Janßen
    Hello, I have noticed something I didn't expect and wonder if I misunderstood something or my firewall is "misbehaving". To decrypt HTTPS traffic I have to enable "Scan HTTP and decrypted HTTPS"... ... and need a TLS Inspection rule that decrypts…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • DPI Engine and custom block page

    IT American Rock Salt
    IT American Rock Salt
    hello, if we are using the dpi engine instead of the web proxy and in a firewall rule we have set a web policy to block gambling for example and someone hits a gambling site if using the dpi engine will they they be redirected to the custom block…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Errors at SSL-Inspection.

    BeEf
    BeEf
    How should I interpret these errors in the context of SSL-Inspection?
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Has Encryption Made Your Current Firewall Irrelevant? Latest from Sophos about decryption on XG/XGS

    rfcat_vk
    rfcat_vk
    Hi folks, I read the document with interest and noticed there was no mention of HTTP/2 support in the XG/XGS decryption profile. What is the Sophos way forward with this protocol to improve the security scanning on the XG/XGS? Ian
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL / TLS inspection, "Server did not respond to client hello" message meaning

    Petr Odvarka1
    Petr Odvarka1
    Hello, I found this discussion : https://community.sophos.com/sophos-xg-firewall/f/discussions/129553/ssl-inspection-microsoft-stream-server-did-not-respond-to-client-hello but this does not give answer for question what message "Server did not respond…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Facebook broken in Firefox when TLS Scan enabled

    hoosty
    hoosty
    Hi, facebook site is broken when TLS scan is enabled. The weird thing is, its only in firefox, edge works fine. Do you have a hint for me?
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL Inspection Microsoft Stream: Server did not respond to client hello

    Ben@Network
    Ben@Network
    Hello Community, I have a problem with Microsoft Stream if SSL Inspection in enabled. Some streams won't start. If I look into the SSL Log, I see the error message " Server did not respond to client hello " for host streameuwe1su051.azureedge.net. I…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XGS series: SSL/TLS inspection throughput improvement

    Taku
    Taku
    In XGS series, SSL/TLS inspection throughput has increased significantly compared to XG series. I guess the inspection is processed not by NPU (Xstream processor) but by CPU and I'm interested in how it was possible to achieve such a significant performance…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • "Blocked due to using client certificate" error

    JasP
    JasP
    Until recently we were using a self-signed certificate for SMTP email connections on our mail server. Yesterday we changed to a Letsencrypt certificate and started getting delivery failures to some but not all recipients. When we looked at our mail…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG v18 - High packet loss in Zoom

    Jbogman
    Jbogman
    Hello, Our office has a XG330 - SFOS 18.0.5 MR-5-Build586. For the past few weeks, both on our WiFi and wired connections we are seeing high percentages of Packet loss (frequently over 50%) on receiving video/audio/screen shares. When I look at the…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL Inspection (imported list of Root CA/Intermediate CA)

    Michi Schlüter
    Michi Schlüter
    Hello I'm wondering how Sophos XG validates the certificate chain (web surfing ssl inspection). We use web policies with "block invalid certificates" on a new installed sophos XG for a customer. Normally, we don't see a lot of blocked websites due to…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL Inspection and WebEX

    Ben@Network
    Ben@Network
    Hello Community, I have a problem with WebEx and SSL Inspection. I build a SSL Inspection Exception for "webex.com" and in the SSL Inspection Log I see the traffic to webex.com and the Subdomain as "Do not decrypt". If SSL Inspection enabled the User…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL Inspection and smtp.office365.com Port 587

    Ben@Network
    Ben@Network
    Hello Community, I have an interesting problem with an HP Pro 477dw printer and sending email via Office 365. When SSL Inspection is turned on on the firewall, it takes about 5 minutes for mail to be sent via smtp.office365.com (port 587 SSL/TLS). SSL…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SSL/TLS Exception for Anydesk

    hoosty
    hoosty
    Hi, I try to get anydesk running with TLS Inspection. I´ve read this post: https://community.sophos.com/sophos-xg-firewall/f/discussions/123967/how-to-allow-or-block-anydesk-when-using-tls-scanning I created a IP List with all the anydesk Servers…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>