Hello, I am converting our customers from primitive FWs to Sophos XGS's and testing TLS decryption. Would anyone be so kind to walk me through what is happening in specific case below: Setup: TLS enabled, any of default profiles, Sophos CA as trusted…

Need help on this issue, I tried to configure the SD WAN routes destination to use SD WAN profile, but the traffic keep going through default. I have tried to disable the Underlay SD WAN route and access speedtest.net (I put speedtest.net as destination…

Hi all, I'm using OSPF but don’t want to redistribute all routes. On Cisco, I would probably use a route map to filter which routes need to be advertised. Here with XGS, I have unchecked "Redistribute connected" and "Redistribute static." I’m using…

I have two clients that use the same ISP. One client has an XGS87 and the other XGS116. The ISP does scheduled maintenance at night knocking the firewall offline. My clients will have to power cycle the firewalls to get them to connect in the morning…

Hi, all of a sudden we see that our FreePBX installations triggers Network-attacks in our XGS. "Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This…

Hi, we're experiencing a problem with Ipsec Vpn (site2site) from Sophos to Cisco. In the Ipsec tunnel we have two subnet (subnet1 e subnet2) at sophos vpn side and one subnet (subnet3) in the remote site managed by cisco. It seems that only on subnet…

Hi, I have forced a rule where users has to vpn no matter what when they are outside our network domain. I was able to perform a file provisioning that auto connect users to VPN, however I still have one issue is that sometimes, before connecting…

We are experiencing an ongoing connectivity issue with the Microsoft Teams App when conducting online meetings in our organization. Whenever a meeting is scheduled and participants are invited, only the initially invited users can communicate effectively…

Hello community, we wanted to add rdp files to the list of blocked e-mail attachements. Under blocked filetypes we added "rdp" but such attachements are not blocked. Other filetypes like f.e. "xls" are blocked correctly. Do we have to add the rdp…

We use a lot of single user RDP sessions so I've configured STAS with Registry Read polling and it works except for two issues: - When the polling happens every three minutes, the live users for the RDP sessions drop out for up to 10 seconds. - If…

I need to block thumbnail for websites can we do it with Sophos Firewall

Hello Good Day, I m using Sophos XGS 136 and web policy roles are working well but after a while when I search for sex images they appear but do not open the website. So please how to not appear in searching engine.

Hi team , We have configured the SSL VPN in the firewall and allowed a single IP address in the permitted network resources, When we connect with VPN from other network, It will show the entire /24 network IP address as well as a single IP in the…

Hi, I have a proxmox hypervisor I use it to spin up VMs and LXC containers, and I use MAC addresses to enforce some rules on my Sophos firewall. how can I add a MAC range so all the new VMs that have random generated MAC addresses (under the same vendor…

Hi zusammen, ich habe Probleme bei dem Hochladen bzw. validieren von den Lets Encrypt Zertifikaten. Die Zertifikate werden vom NGINX ausgestellt bzw. über diesen. Die Zertifikate sind auch gültig und werden auch so im Browser angezeigt. Da ich…

Hi all, Sophos XGS SFOS 20.0.2 MR2. When I try to check a ping: It only accepts IP Addresses or names without capital letter! I can resolve blabla.domain.local but not BlaBla.domain.local "Please enter a vlid IP or hostname". Is that bug or…

Good day How do l configure wireless expansion modules on a XGS 136 firewall. Have done all the wireless settings on the firewall

I’m currently facing some connectivity challenges with my network setup. My PABX and SIP systems are working fine—they respond to ping requests, so they’re definitely online. However, I can’t seem to get any incoming connections from the PABX to my Sophos…

Hey guys, I have v21 installed and noticed a few entries under the Zero Day Attachments and Downloads. Some fantastic information in the reports and a bunch of screenshots of the documents / files and a desktop. Question: How is Sophos XGS taking…

Hello, I have a situation where i need to assign IP addresses to SSL remote access VPN clients from a certain subnet (10.10.10.0/24), and bridge the connection with a router (10.10.10.1) connected to a DMZ interface. I understand that the firewall assigns…

1 Firewall 2024-10-26 14:10:51 Appliance Access Denied N/A 0 PortA1.10 10.10.1.3 10.10.1.255 137 …

Hi there, I am looking to configure a RDP Bockmark to allow our user to use the terminal servers on the road without using a VPN. Because of security reasons I want to use NLA, my question woud be is there any way to give the user the ability to change…

I recently add a new firewall for the branch office , so we have 2 firewalls one for the main office and one for the branch office, branch office can ping our ip's, but we from Main branch we can not ping any of their ip's, not even 1, it's really strange…

So, I wanted to post a bit of a rant here regarding an undocumented change to RADIUS authentication after SFOS 20.0.0 that has broken my DUO MFA implementation. For years I have had my users added from AD and I was able to pull multiple groups through…

Hello everyone!! I have a problem accessing a certain GitHub URL. For example, when I try to update Pi-hole the address objects.githubusercontent.com cannot be resolved: At first, I thought it was an issue with Pi-hole itself or with openDNS…