Trying to create a WAF rule and it's thowing an error " Service is already configured on the specified port, choose another port" I've checked all firewall rules, NAT rules, admin/user settings, SSLVPN and can't find this port being used anywhere. …

Getting the following error requesting Lets Encypt certificate "type":"urn:ietf:params:acme:error:connection" "detail":"xx.xx.xx.xx: Fetching xxxxxxxxxxxx/.../mhmbdFphj1tfMCrRkrqqrp2CrgNY54ipSQeI66mcGFQ: Timeout during connect (likely…

We're discovering a strange issue with HTTPS decryption and ChatGPT in all browsers we use. ChatGPT is unusable when we're logged in with the ChatGPT-licensed Microsoft Account. Any chat request generates this or similar errors: On the of SFOS 20…

Hello. I am starting to get acquainted with Sophos Firewall sf01v (sfos 21.0.0 ga-build169). I have configured blocking of sites (for testing I have prohibited access to facebook.com). Tell me how to configure an exception for access to facebook for certain…

I'm experiencing with the API and Postman. We use a wildcard-certificate and I wants to update all WAF-Rules at once. Becuase the GUI-way ist very hard (every time set the certificate, all domains will be dropped and the domain from the certificate only…

I am running into issues with getting information on how to get get ABS Type Classification to install the XGS firewalls on board ships. The customer does not want to install the XGS firewalls without type classification and/or some time of approval by…

Good day We are having a challenge, we have a firewall XGS 2100 , some devices that are connecting with wifi, they receive ip address from DHCP in the firewall, we have a firewall rule for the devices with Mac address, but the devices they are not receiving…

Good afternoon, I have a Sophos firewall that is integrated with a Windows Server Active Directory.Can a domain user be blocked from browsing the Internet through Sophos, but allow the computer they use to download and update the operating system, and…

We have AD synced Groups. We use them for FW Rule permissions, SSL VPN access and MFA control on the Firewall. Now we have this scenario: User XY is member of these groups: Group A (used for a firewall rule) Group B (all members of the company,…

Hello everyone, I have issue with routing over VPN IPsec tunnel. In my setup there are two Sophos XGS116 firewalls running SFOS 20.0.2 MR-2-Build378 located on HQ site and BO site. Each site has stabile ISP connection with static IPv4 address. VPN IPsec…

Hello everyone, we have a XGS set up with SSL VPN, the VPN Portal, AD integration and MFA for every user. Currently we are facing brute force attacks on the VPN Portal. We tried to prevent those by setting up an ACL rule which is blocking countries…

Hi, Good day! I'm currently experiencing an issue where I can’t access my GUI. I checked the Tomcat service, and it shows as "stopped." I’ve tried restarting it several times, but it still won’t start. I even attempted a factory reset, but the Tomcat…

Hi community, I need help to complete this configuration. A customer needed to improve the VPN configuration beween his hq to the Oracle datacenter. He had 4 classic IPSEC vpn PROVIDER1-ORACLEIP1 PROVIDER1-ORACLEIP2 PROVIDER2-ORACLEIP3 PROVIDER2…

Hi all, Started to have this issue the last day in the office 30mins before i left for the weekend. Basically our network has been going very slow and i have lots of this in the firewall..... like non stop. Am i right to believe fe80: is internally…

Hi All On 21GA we are trying to set up the thread feed firehol_level1 feed https://iplists.firehol.org/files/firehol_level1.netse t The feed is retrieved but not loaded into the system, all their other feeds do work unless they are to big to load…

I am reaching out regarding an XGS 116 recently purchased by a client. Interestingly, VoIP functionality—both inbound and outbound—is fully operational without any specific configurations applied to the device for the VoIP provider. There are currently…

Hello, I am converting our customers from primitive FWs to Sophos XGS's and testing TLS decryption. Would anyone be so kind to walk me through what is happening in specific case below: Setup: TLS enabled, any of default profiles, Sophos CA as trusted…

Need help on this issue, I tried to configure the SD WAN routes destination to use SD WAN profile, but the traffic keep going through default. I have tried to disable the Underlay SD WAN route and access speedtest.net (I put speedtest.net as destination…

Hi all, I'm using OSPF but don’t want to redistribute all routes. On Cisco, I would probably use a route map to filter which routes need to be advertised. Here with XGS, I have unchecked "Redistribute connected" and "Redistribute static." I’m using…

I have two clients that use the same ISP. One client has an XGS87 and the other XGS116. The ISP does scheduled maintenance at night knocking the firewall offline. My clients will have to power cycle the firewalls to get them to connect in the morning…

Hi, all of a sudden we see that our FreePBX installations triggers Network-attacks in our XGS. "Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This…

Hi, we're experiencing a problem with Ipsec Vpn (site2site) from Sophos to Cisco. In the Ipsec tunnel we have two subnet (subnet1 e subnet2) at sophos vpn side and one subnet (subnet3) in the remote site managed by cisco. It seems that only on subnet…

Hi, I have forced a rule where users has to vpn no matter what when they are outside our network domain. I was able to perform a file provisioning that auto connect users to VPN, however I still have one issue is that sometimes, before connecting…

We are experiencing an ongoing connectivity issue with the Microsoft Teams App when conducting online meetings in our organization. Whenever a meeting is scheduled and participants are invited, only the initially invited users can communicate effectively…

Hello community, we wanted to add rdp files to the list of blocked e-mail attachements. Under blocked filetypes we added "rdp" but such attachements are not blocked. Other filetypes like f.e. "xls" are blocked correctly. Do we have to add the rdp…