TLDR - IEEE 802.1Q reserves VLAN ID 0 for a special purpose. Sophos XGS firewalls do not implement this special purpose correctly, preventing communication with some ISP Gateway modems. The request for proper implementation of VLAN ID 0 handling is being…

For firewall rules that allows access to a sensitive system (host) and where access is usually not required all the time, it would be nice to have a feature to enable them manually when needed but with a timer that disables the rule after 60 minutes or…

Hi all, any hints to configure mobile WAN as backup line? wired WAN is default but when line is down mobile WAN should jump in place. Mobile WAN must be turned on or not? WWAN Interface must be to automatic or manual? Thanks for help …

Hey Folks, while deploying one XGS after another we noticed that Client-IPs in reports e.g. aren't resolved into DNS Names like on our SG/UTM Models. We created a DNS request route: 168.192.in-addr.arpa and domain.local pointing to the internal Windows…

Hey Dears, I have a Sophos firewall version 19, I want to ask if i can deauthenticate an Ip shown in DHCP leased list to force it to obtain new Ip or disconnect it immediately? Thanks

When will ipv6 be supported over PPPoE ? When I use any other router / firewall I am able to get IPv6 over PPPoE just not via Sophos

HELLO When we create a routing rule (or other items that do not support renaming), and feel that the name is unreasonable or needs to be changed for other reasons, we find that the name cannot be modified and can only be rebuilt or copied. This is a…

Hello, Do you have any recommendations for classifying financial services/banks and bank websites in the Application object? I need to use SDWAN for this type of service, but generally access to these sites are classified as "Secure Socket Layer…

Hello all, I have several firewalls claimed on Sophos Central and SD-WAN connection groups among them. One of the branches will be without power for about two weeks, so the firewalls and tunnels to this branch will be offline. Is there a way to…

Hi, I read this forum discussion (10 months ago) and it was said that this will be a new feature request. Has it available right now ? xg / xgs - allow ip from specific asn number only Thanks.

Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network…

There are some errors in the predefined "Internet IPv4..." hosts. This list is the clearly wrong ones imho. Internet IPv4 (129-169) should be "(128-169)" Internet IPv4 (191-191.1) seems completely mislabeled, and likely incorrectly defined altogether…

How to block applications such as advanced ip scanner from scanning the network? my product is sophos xgs 2300

Is there any way to use SNMP to monitor traffic flow through an IPsec tunnel? I'm successfully capturing port traffic with SNMP but would also like to capture the traffic between our two sites via an IPsec tunnel.

Has Sophos figured out a way for firewall admins to see a numerical count of active DHCP leases? OR are we still relegated to paging through and counting the leases?

hi . i want to use the CLI to add VLAN ID to the lan interface . how can i do that ? i tried using the Device concole but i find that i can do that only for bridge interface. Thanks

Hi; I want to do monitoring from snmp service but I don't want to open snmp service to the all world , I only want to allow snmp to the specific ip adress. for this process; I am going to system -> administration -> snmp and activated the snmp service…

When forwarding DNS to servers like 1.1.1.1 or 8.8.8.8, is it possible to do so using DoH?

Hi. Does anyone know if it's possible to exclude configured network interfaces from the coloured interface status icon on the home page of the firewall? Its purpose is to show at a glance of connectivity problems. However, sometimes it is normal for an…

Hi, we migrated our SG to an XGS. After this we have the problem that we can not migrate this 1:1 NAT map source rules: www.sult.eu/.../ We use this rules to forware a IPSEC VPN remote network to an XGS headquarter firewall transfer network and from this…

Hallo @all, regarding https://community.sophos.com/sophos-xg-firewall/b/blog/posts/generative-ai-policy-enforcement-with-sophos-firewall is there any way to use the new application category for the web policys? Application filtering only allowing allow…

Hello everyone, One of my clients has an XGS Firewall, and their gateway is an LTE router with a SIM card that provides 80 GB of data volume per month. When the data volume is exhausted, the client experiences poor internet speed, making work difficult…

Hello, I found a few threads, that there was no traditional DHCP reservation and you have to use a static MAC Mapping outside the DHCP pool. Did that feature got implemented yet or do you still need to use that way? If not, then is there a nown…

Simple Question. I know about 6 years ago this was a suggested feature and it is currently being used for HA configuration of XG Firewalls, but I do not see it available for use/configuration outside of that. When will this be added? Is it anywhere…

I appreciate the fact that Firewall Rules can be grouped, as this makes for more flexibility in the sorting and managing of rules versus not. However... the default option for firewall rules is "Automatic" which if you forget to change, jams it into the…