I've got a Site connected with RED60 The RED itself uses a single IP Subnet /31 IP Address and has 4 VLAN with /26 Subnets attached. In the Mgmt VLAN are Sophos APX Accesspoints connecting to Central. That setup was running up and fine for years…

We are using BGP as the routing protocol to our ISP who provides us with two indepent WAN links and gateways which we can use as active/active or active/backup as we like. It seems that any setting in the Routing -> Gateway section of SFOS and the corresponding…

Hi I have XGS4300 (SFOS 19.5.4 MR-4-Build71),DNS change Automatically in Sophos Firewall it can possible or not can you please guide how to resolve this issue.

Hi, Starting yesterday, I've received a few dozen Central email alerts on DDNS issues. The first issue is I'm getting alerts for the DDNS configured in the XG-125w: " What happened: FQDN xxxxx in location xxxx LLC isn't resolving to a valid IP address…

I am using Sophos Firewall SFOS 20.0.0 GA-Build222. How do I setup DNS over TLS (with Cloudflare)? I can't find any instructions on the Sophos help pages.

I have an APX320 on Port1 of an XGS. The original setup was to first bridge Port1, PortF1, and Port4 onto a bridge, LAN_Bridge, and then have the AP send three of its SSIDs down VLANs and bridge the other SSID to its LAN (LAN_Bridge). So the VLANs (LAN_Bridge…

I had our Sophos XG87 configured by our reseller when we bought it, since I knew nothing about how to do it properly. I've learned a lot and have changed quite a few things, but want to make a foundational change that will require destroying several things…

Port 1 was configured for LAN Usage VLAN 20 was added to Port 1 Port 1 was then unbound, VLAN 20 went away. Created VLAN 2 on the (unbound) Port 1 Wanted to create VLAN 20 again and add to Port 1 as well Get message " Interface name exists.…

I've found a number posts requesting assistance with this, but it appears that no one has had a win. We have multiple sites, all which have multiple WANs configured. In some cases, it's Active/Backup, in others, we are load balancing multiple WANs …

I could swear that back in the day (maybe 18.5 or 19) that DDNS updated every five or 10 minutes and you could see this in the logs. We were using Google -- which has now sold its business -- and have switched to Cloudflare, and I'm not seeing any updates…

Kinda stupid question: Is there any "how-to doc" to setup a simple IPv6 dual-stack enviroment on XGS? Maybe the "right and secure" way to implement from v4 only to dual-stack? Nothing special need, just that a IPv6 client can reach the WAN via IPv6..…

Hello, I have a bridged interface. Port 1, 4, and 8. VLANs 1, 10. the bridge is in the LAN zone. VLAN 10 supports nearly all traffic, VLAN 1 exists for a private wifi network that allows guests/vendors to use the internet, but prevents them from…

There is an option to set the gateway to be activated manually. Is the process just to login to the firewall and change it from backup to active or is there something that becomes apparent when there is a gateway failure? I checked this documentation…

Customer is installing a new ISP connection but will have the old one for a while as they have WAF to an internal server, and DNS pointing to current ISP PIP. Left Port2 configured as it was. WAN zone, with static IP info. Configured Port3 to be the new…

Hello, Please some help understanding the following scenario: VLAN ID - 400 VLAN ID - 410 On the network with vlan ID 400 I can use the ip gateway from VLAN ID 410 and it works! Rules are applied correctly (from VLAN ID 400). This happens in all the…

Hello, I'm kinda new to networking and I'm currently working on a network lab to enhance my understanding of firewall concepts. My setup consists of the following: Virtual Machines: Kali Linux VM (IP: 192. 168. 10. 128) Windows VM (IP: 192. 168…

Is there a feature in Sophos Firewall to change TTL value of packets so that the authorized users in my network cannot share internet access by creating their personal WiFi Hotspot to connect unauthorized users to access the internet through my network…

Hi there, Need your help and expertise. We have an HA here with Sophos XGS2300 (SFOS 19.5.3 MR-3-Build652). The following problem occurs in particular with Webex Audio / Video. From external to internal and vice versa, the audio and video channel is established…

Hello, I need your kind assistance regarding a new Sophos XGS116 that I am using. Can you please tell me how to set the keep alive interval of a wan interface? It is set to ping at 8.8.8.8 but I do not know the interval of pings, how often they are. …

Hello, We just added a secondary ISP and I set it up as a new WAN interface. A laptop plugged into it gets an IP address and can get out to the internet, so I know it is working. I configured WAN failover (active-backup) and initially didn't modify…

Two on-premises servers are presented. Now is it possible to configure load balancing from Sophos Next-gen firewall? If possible then what kinds of requirements are needed?

Hello guys, my client is migrating from ISP to another. As you can see in the picture, this is gonna be the new topology. Is it possible to configure this way? I want to join Port2 and Port3 as a LAG interface; Port4 and Port5 as another LAG interface…

Hi, I observe a strange behavior regarding UDP Reply Packets on multiple WAN interfaces. Since we have configured a SIP hunting group with our telephone provider, the provider sends option pings on the 3 existing WAN interfaces. 3 DNAT rules are set…

Hi, I am new to sophos firewall world. Yesterday, I discovered that my firewall is still accessible using the default ip address that was assigned for initial configuration. I have discovered that Port 1 has this IP but there is no ethernet plugged…

In many customer-projects we need to change the interface <-> hardware-port associaton within network-projects. I'm aware that you can use XML export/import to do this, but there still the risk to forget about some dependencies and failing manual config…