hi i previously posted a question on how to migrate trunk vlans from one port to another mew port for lag configuration. Once i did the transfer we lost connection with dhcp all clients cannot get ip address but once they get a static ip the communication…

How i can disable CBC mode and chacha20 affected algorithms and enable CTR or GCM cipher mode encryption.

i have configured a clientless sftp policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another rdp policy…

Hello, I'm seeing more and more ISPs asking for CPE P-bit setting for their connections. As far as i know, Sophos Firewalls still doesn't support this forcing us to use a bridged router supporting this feature in front of the Sophos FW. Please consider…

I got a Sophos XGS126 on a customer site and I need to configure 7 IP TVs. I need assistant to configure those TVs. Since the TVs using multicast addresses is it possible to configure these without multicast addresses because ISP said that configure TVs…

I have a few subnets, and all of them have a dhcp server/pool range for specific range. A few of them have a IP reservation (bind mac to IP address). The error/strange behavior I get is if the MAC address is in list for reservation in any of the dhcp…

Hi all, Started to have this issue the last day in the office 30mins before i left for the weekend. Basically our network has been going very slow and i have lots of this in the firewall..... like non stop. Am i right to believe fe80: is internally…

I am reaching out regarding an XGS 116 recently purchased by a client. Interestingly, VoIP functionality—both inbound and outbound—is fully operational without any specific configurations applied to the device for the VoIP provider. There are currently…

Hi, I have a proxmox hypervisor I use it to spin up VMs and LXC containers, and I use MAC addresses to enforce some rules on my Sophos firewall. how can I add a MAC range so all the new VMs that have random generated MAC addresses (under the same vendor…

I’m currently facing some connectivity challenges with my network setup. My PABX and SIP systems are working fine—they respond to ping requests, so they’re definitely online. However, I can’t seem to get any incoming connections from the PABX to my Sophos…

Hi all, i have had a look at the Invalid Traffic page but as stated at the bottom doesnt resolve the issue, just reduces the number of logged entries My setup is as follows Core network is TPLink Omada (Manages the vlans) Sophos setup: Port1 …

Hey Guys, I am using the Sophos XG as DHCP server which provides two DNS servers. One is a Pihole and the other one is the SophosXG itself. So normally the devices should resolve internal and external domains via Pihole, but when it is not available…

Hi everyone! I’m facing a puzzling connectivity issue in my PABX setup. My NS300 cannot be pinged from my Sophos XG4500 when my SIP router is connected to the core switch. However, I can still make calls outside, which adds to the confusion. Coreswitch…

TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

Hello, I've added a DHCP-Server for an interface on my XG. The interface is an RED-VLAN-Interface and ping from the switch is working. An Accesspoint connected to the switch did not get an IP-Adresse. Today we found out, that we have the same problem…

A customer site has a 2nd gateway that is required to access one of their vendor's systems. Our Sophos XGS has static routes in place to direct any traffic intended for the vendor network to the 2nd router. Rather than adding host entries for the vendor…

HI How can i check the interface counters for WAN interfaces in the Sophos firewall ?

Hi, I have set up a free account with FreeDNS. My public IP address is pointing to the correct subdomain.mooo.com However, I have a query about the hostname, SF only accept: subdomain.mooo.com. But in order to work, you need to include the update…

Hi, we have the below IP series in Wan port and alias, all tunnel services are running. now ISP is providing a new alias /29 subnets with different IP series if we add a new alias /29 subnets with the existing setup it will work or not. - Port…

Hi folks, a question about XG ability to decode DNS over HTTPS and TLS, can the current version of XG decode DNS requests sent to it using HTTPS or than TLS? Ian

Currently I have some trouble providing Firewall access to some load balanced CDN services on Akamai Servers, where the corresponding DNS names have short TTL's when using wildcard FQDN like *.docusign.net when the URL accesses will be demo.docusign.net…

Hello all, I'm used to another known firewall vendor but I decided to give this for my home network a try since the other solution is way too expensive. My goal is to use a single link between my switch and my Sophos appliance so I do not need lots…

Hi, Is there any option to detect internal network port scans from within the network or networks? Like for example using nmap or netcat or others from inside the local network, not from a wan source. I'm posting this in endpoint as well. Thanks…

Hi everyone, I am using a Huawei 3372 LTE stick on my SG-125 with SFOS for a couple years now. It is configured in DHCP mode as a failover WAN connection when the main connection goes down. Up until now this worked as intended but after upgrading the…

Hi All. Firstly, thank you for your time to help! Let me give you a quick breakdown of my network and then I will explain what I am trying to do. I have a XGS 2100 running on v20 SFOS. I have 2 ISP connections, a primary and a backup. (I have set…