As I've worked through some (not all) setup issues, one that continues to stump me is the fact that when my NAS is connected to switch along with all other LAN devices and incoming internet from router, life is good. I can access my NAS no problem. …

Hello there, I’m trying and failing to route all internet traffic from device 10.5.15.20 at SITE B across the layer 2 MAN and out ISP1 WAN at SITE A. I’m trying not to impact any other traffic at SITE B with this configuration, only internet bound…

Hello Everyone, Apart from Sophos SSL VPN, I have a Centos based OpenVPN server, which is behind my firewall. My OpenVPN clients access that server through a DNAT rule. I have created a VPN tunnel (Site-to-Site) between Sophos XG and AWS, using this…

Hello everybody, can these two devices work together? And if it is possible, what is the best way to connect this UDMP to Sophos? At the moment customer is using UDMP as router/firewall. Thanks

Hello, I have bought my first Sophos Firewall and I need some help. Setup: Port1: LAN - 172.16.0.1/23 Port2: WAN - Public IP (PPPoE) Port3: LAN - 192.168.1.1/24 Site-to-Site IPsec tunnel: Port1 172.16.0.1 (local site) - 192.168.0.1/22 (remote…

Hi there, I have no experience with Sophos firewalls. I recently purchased XG 125 for a small office. I have done the initial set up and the device is connected to the internet. I connected a level one switch (unmanaged) to the one of the LAN ports…

Setup Sophos XG 330: LAN Port 9 10.0.0.248/24 LAN Port 9.8 10.0.8.248/24 FIREWALL RULE: LAN any - LAN any ALLOW Port 9 plugged in Switch port 24 Layer3 Switch: VLAN 0 10.0.0.1/24 VLAN 8 10.0.8.1/24 Port 24 Trunk ALLOW ALL VLAN Port 1 VLAN=0 Port 2 VLAN…

Hello, i have a problem and i hope you can help me: 1) I have a zone called >RED, with my REDs in branch offices (Ip-network: 192.168.41.1/24) 2) I have some destinitions which are connected with IP-Sec connections (IP-Network: 172.30.200.0/24…

Hello, I apologize if this is a rookie question. I have 2 XG 430s in HA mode behind a Cisco 3900 router. ISP>Cisco>XG>Users My question is can we use the Firewall(s) for routing and eliminate the Cisco router? I believe it's only doing layer 3 routing…

I've tried to follow rfcat_vk's excellent documentation of the current state of IPv6 in SFOS. And I've been feeling like I'm missing out that my ISP doesn't offer IPv6 (they've said "coming soon" for a year now, maybe more). But the more I look into it…

Hi All, newbie in Networking. Currently, we have this network setup We are planning to get an additional ISP exclusive for one of our departments. Is it possible to connect another modem(ISP) to our router and which configurations should I do to…

Hi everyone, Maybe I'm doing something wrong but I can not have all my offices browse each other on MPLS connection... First of all each office has a connection, managed externally by one ISP, with its own router and each is part of a big MPLS. On…

Hello everyone, Sorry for being a noob here. I have the following network map layout: I use a dual-WAN bandwidth aggregation configuration rather than a failover one for most of the interfaces. However, I look forward to: Assign my TrueNAS server…

Am I missing something here ? I've installed Debian 3cx and Gateway is Sophos XG (static ip and gateway set on network)... however even without Sophos running i can still get normal access to 3CX just fine, which proves despite setting static IP and…

Hello I have two sophos connect together. Sophos1 - switch - Sophos2 I have multiple VLANS between them. All vlans have owen subnet. Phisical interface has also owen subnet. I cant ping betwen vlan interface. Whatever i use. But Phisical interface…

Hi, I'm attempting to get WAN failover working across sites using OSPF (default information originate). The issue is with getting the local default route disabled in case the local Internet connection drops. Can you please let me know what is the correct…

Hi community, for reasons of simplification let´s assume that our XG450 ( SFOS 18.5.2 MR-2-Build380) has 4 ports configured: Port 1 - Zone WAN - IP 1.1.1.2/24 Gateway is 1.1.1.1 Additional Alias: 1.1.1.3/32 Port 2 - Zone DMZ1 - IP 2.2.2.1/24 used…

Hi Everybody. I am running SFOS 18.5.2 MR-2-Build380 on an Intel iCore 5 based PC as "Sophos XG Firewall" in connexion with an ASUS Router operating as Access Point and my ISP operator TV Box which is connected to Asus Router. As the "Sophos Firewall…

I have two Sophos XG Firewalls ( SFOS 18.5.1 MR-1-Build326) Both are managed by Sophos Central and I used the platform to create an SD-WAN between the two offices. I am trying to get the Branch Office XG to access the AD at Head Office in order…

Hi all, We recently switched from a UTM software install to a pair of XG3100s running in HA active/passive. Since the switch over we have had an issue with clients at our branch offices communicating with servers and devices on our LAN. Network…

Hi, I have Sophos XG330 and two BGP link configured in LAN Zone. Both link are active and working. I would like to configure failover/ Failback and set primary and secondary link. Does SD WAN Policy Routes help to achieve this ?? I have tried…

I need 2 networks to talk with each other using 1 ip address. The 2 sites are physically connected with a Metro E (Dark fiber), this connection is a dedicated fiber between the 2 sites. Each site has its own network. Site A has the IP’s that Site B needs…

So as of right now I have Sophos running on a r610 server with Proxmox and I am only using 2 of the 1 gig nic. My question is what's the best way for me to disable to home cable modem DHCP and force connected clients through Sophos. Would setting the…

Hello, We have a clients-server based application, where the server is in a different vlan as the clients. The communication between both vlans is routed via SophosXG VLAN Interfaces. (XG430 / 18.5MR1) The GUI firewall rules are configured to…

Hey there! Simple (and maybe stupid) question: If I have a network like this: WAN | PPPoE Router (192.168.1.1) | (192.168.1.10) (Zone: WAN, Default gateway 192.168.1.1) Sophos XG (192.168.5.1) (Zone: LAN) | LAN (All IPs are with /24 subnet mask…