Hallo, Ich bekomme das irgendwie nicht hin wie bei der UTM OS mit dem Zertifikat. Also da gibt es auch kein Lets Encrypt wie bei der UTM OS. Kann mir jemand helfen?? Ich möchte gerne ein Offizielles Zertifikat auf meiner Sophos haben. Sie hat…

Hello, I am a home user of the Sophos XG firewall - SFVH (SFOS 19.0.0 GA-Build317) - and use it to proxy specific sites... one of those things I proxy is google and youtube. Recently, it seems that the certificates that my appliance creates have expired…

Hi, im have added default Sophos CA to Trusted Root Certification Authorities on my pc, also in firefox and still getting Unsecure connection error in Firefox (tested with 3 web browsers)... Do i need to generate locally-signed certificate with public…

Just for someone else with the same problem, I had a ticket with Sophos (for months just to get this answer...) because I didn't get this one working: https://docs.sophos.com/nsg/sophos-firewall/19.0/Help/en-us/webhelp/onlinehelp/AdministratorHelp/Certificates…

XG FW - Some users have "Not Secure" notification even though all sites are HTTPS Users are authenticated and internet is working, however, no matter which site they go to it always says "Not Secure" "This site has a valid certificate, issued by…

Good morning! Having a hard time installing the client portal cert onto an iPad, I suspect it's because the self-signed cert I am using has expired (though it still works on devices that have already downloaded it). Task is to renew a cert in Certificates…

Hi Sophos, We currently use the SSL VPN for our remote user base, but as the included SSL certificate expires somewhat regularly we have to reinstall the local client. Whilst not the end of the world, it's an inconvenience when we have a significant…

Hello, I am new to the Sophos community. I am starting with Sophos XG Firewall. I have a Sophos XG86 that was working fine with a SSL VPN site-to-site connection in version 18.0.5MR5 to a remote site. I upgraded the remote site to SFOS 19.0.0.0 GA (Sophos…

Hallo zusammen, gestern habe ich das Upgrade von SFOS 18.5.2 -> SFOS 19.0.0 GA-Build317 durchgeführt. Seitdem kommen bei Outlook (2019) immer die Zertifikatsmeldungen bei erstmaligem Abfragen der E-Mail Konten (IMAP+POP) Ich habe geschaut, das SSL…

Howdy, Issue with configuring cert based site-to-site VPN on Sophos XG 87 I am trying to build a certificate based IPsec tunnel on my new Sophos XG 87 FW v19. 1) I created the CSR by going to certificates > add> generate certificate signing request…

Captive portal in version SFOS 19.0.0 GA-Build31 is not using specified certificate as admin portal. Captive portal is using SOPHOS cert which is not correct in my setup. See below images. Have tried fresh re-install, upgrade removing and re-adding…

So we have 2 firewalls at different locations and we want to implement SSL/TLS inspection. Instead to installing 2 certificates we would like to use 1 for both firewalls. Is that something that is possible?

We purchased a bunch of XGS 136, reimaged them with MR2 and now upgraded them too MR3. Now I noticed that the default CA on all machines looks like this: This results in the default ApplianceCertificate to be issued by the Default CA looking…

Hi, This is the 3rd call I have logged for successful creation of Digital Certificate. Sophos L1 tried based on KB and also shared me the same, but till we are not able to create digital certificate successfully. Can anyone take my remote and help…

It seems that it is impossible to create WAF rules for web servers with https so that the web server would use its own certificate instead of cert from the firewall. Is it really so and is there any trick going around this problem?

I have a DNAT in place from WAN port to internal server on port 443 (HTTPS) for accessing to users workfolders. When you connect to external URL it gives out the sophos XGS 2300 appliance certificate instead of the ssl certificate installed on the server…

Hi,friends! From version 18.5, the product no longer creates a private key when generating CSR and a passphrase cannot be set. However, I was able to obtain the private key by the following method after CSR generation with this product. System …

Hello, Is there a way to update a certificate that is used in WAF Rules without touching every WAF rule?

Hi, While installing a new certificate, I get the error: "Certificate cannot be deleted. Certificate is already used in HTTP based policy." Anyone know how to find where a certificate is being used in an XG-135 v17,5? Two years ago I ran into this…

What I did: I created a csr in Sophos XG210 18.5.2 I used the csr to order an officially signed ssl cert via GoDaddy after verification via dns the SSL was issued I upload the intermediate and root cert Uploaded the hosts cert via .pem…

Hi Guys, i have renewed my certificate on my XG135, i changed the certificate under Administration -> Admin & User Settings, but : This site can’t provide a secure connection vpn.athenion.com sent an invalid response. Try…

Hi all, firewall already uses a wildcard cert for WAF, I tried to set it up for "Admin console and end-user interaction" as it is called in the Admin settings. Applying the cert resultet in not being able to reach the Webadmin and Userportal, neither…

Hi Everybody, We are using an enterprise CA for Deploying Certificates to our Clients and the CA ist trusted by the Firewall and everything works. When enabling SSL/TLS Inspection we are facing the Problem, that Microsoft Remote Desktop Client forcefully…

I am trying to update the certificate on my Sophos XG (SFOS 18.5.2 MR-2-Build380). I've created the CSR and when I try to submit it to the CA I'm getting the below error: CSR can not have a passphrase / challenge phrase. Enter a new CSR. I don…

When updating a Cert from year to year. Why does the "Domains" in a waf rule reset to default. This is annoying. If the coverage of the cert is the same it shouldn't reset the field.