What is everyone's experience with WAN link load balancing in v20? We're a K12 private school with two identical WAN links from different ISPs, Frontier and Comcast. Our goal is to enable WAN link load balancing in an active-active config, weight 1 and…

Hi i want to ask the configuration of (WAF) regarding customer request to enable an additional port, specifically port 11883.HTTPS is currently enabled and functioning without issues. To accommodate the client’s request for port 11883, I have created…

We have a /29 subnet from our ISP. I want to use a dedicated public address for our guest network traffic. I've added an alias on the PPPoE port and thought I could then just use an SD-WAN rule to route the traffic, but the alias doesn't appear in the…

Very nice! I need help setting up an IPsec tunnel between sites, the firewall models are "UTM - SG135, Firmware 9.719-3" and "XGS2100 - Firmware (SFOS 20.0.0 GA-Build222)". We have researched through forums and followed some steps that match the errors…

I am referencing this documentation https://docs.sophos.com/nsg/sophos-firewall/19.5/API/SYSTEM/Host%20and%20Services/IPHost/operations/AddIPHost&EditIPHost.html There's information on how to add or update an existing IP host object. However, I just want…

implementing vpn site to site connection, causes problems with ip telephony, when starting the connection or disabling the connection causes my voip phones to start disconnecting from the pbx. once the connection is established and having the vpn connected…

I need to log in to our router via SSH because the web console lacks the ability to disable SIP ALG. But when I try to login it claims my password is wrong - even though I just used it 2 minutes ago to access the web console. SSH is enabled for the…

Buen Día, Quisiera saber por qué al trata de acceder a la siguiente URL https://gala.com.pa/ no carga al realizar la petición desde cualquier segmento de red LAN. Se realizan pruebas: Permitiendo el dominio y la ip de la url Se agrega como…

SNAT with multiple WAN gateways isn't working.. WAN Gateway 1 = Port3 - its public with /27 worth of aliases WAN Gateway 2 = Port5 - its public with /28 worth of aliases (IP Host) SNAT with Port3 aliases work for all of the rules I've created…

I have TLS inspection setup on my main network running through a Sophos XG (20.0.2 MR-2) and am trying to setup Google Passkeys for G-Mail. The passkeys were setup using a different network connection, and they do work on another network. If I go through…

Good Day, We have a remote SSL VPN setup for Sophos Connect clients to remote into our network when working from home. We have two GWs Primary GW1: IP:154.x.x.x Backup GW2: IP:105.x.x.x One user is currently experiencing issues with their ISP…

hi, we had an incident where when of our devices had an attempt of access but with failure due to wrong password trials. I an suspecting that this device was on an unknown network outside our organization due to work from home policy we have. Is there…

Good morning. I need to replace a firewall model SG135 with an XGS 2100 (which had SFOS installed a few years ago). The facility has 20 APX320 access points, which are currently being managed by the firewall itself. After reviewing the documentation,…

Hello Community, here's the situation: Head Office (HO) : two WAN uplink connections, both have static IPs. One connection is 'cost based' and slower (backup WAN) and the other is quicker and has no traffic costs (primary WAN). Weights have been configured…

Documentation says for HA active-passive you should select a preferred primary device, because " only the initial primary device holds the licenses and supports services, such as FastPath offloading. ". Does this mean if auxiliary appliance is currently…

I could not figure out the details about traffic matching critera and further filtering within firewall rules. Can someone clarify what will happen if you select "Match known users" and "Block clients with no heartbeat"? Will the rule block no heartbeat…

Good morning everyone. Since the function of a company depends on the LDAP query, I would consider it extremely important to receive a warning. If the LDAP query fails. The MTA then no longer checks users if the connection to LDAP is disturbed (it cannot…

Hello All, We have a Sophos XGS connected to a metered WAN connection, in order for devices to connect to the internet the user must authenticate to the Sophos captive portal and at which point a weekly data transfer quota is applied. This has been…

Lots of posts about this. Here is an example. AD SSO - Cannot establish NTLM authentication channel with xxx Seems like the recommendation is to disable AD SSO in all zones. But what if we want SSO so we can log user web traffic? Why might we want…

Hello there, I have a customer who may want to buy a Sophos Firewall with the main reason of using it as a Web Proxy Server. Unfortunately I could not find information regarding WebSocket traffic inspection. My guts tell me that the SFOS will inspect…

Hi all, I was considering purchasing a virtual firewall, but I have a doubt to clear up. The vFW will mainly be used only to create a site to site where there will be about 100 users behind it. (There will be no local users on the LAN instead) In…

hi, i have friewall XGS2100 with Xstream protection. on that i am using ssl vpn for remote connectivity. so should i use ZTNA??? what extra benefits can i get if i use ZTNA?does xstream protection gives us few ZTNA licenses??? if i dont have Microsoft…

Hi all, I have an xgs 3100 firewall on which about 20 ipsec tunnels are attested. All these ipsec have fragmentation problems so I am forced to use mss-clamping. For example without mss-clamping an icmp packet passes as long as I set a size of 1400…

Hi I am new to Sophos, I like to know about something Sophos VPN Local setup I have installed somehow sophos connect by a link provided in community, To use sophos vpn in my local machine, but i cant import anything because i cannot enter into the…

Hi all, i have had a look at the Invalid Traffic page but as stated at the bottom doesnt resolve the issue, just reduces the number of logged entries My setup is as follows Core network is TPLink Omada (Manages the vlans) Sophos setup: Port1 …