Hi On a Sophos XG with "Web server protection," we host a website (WAF). Now that http/2 is available, our contractor wants to make adjustments to our website. He inquired about the WAF's support for http/2 and whether that was OK. Only the fact…

Hi I have a new ADFS 2019 system behind a WAF on XG. The external tests keep telling me it has Strict Transport Security (HSTS) off. Is there a setting on the XG that affects this when putting a local server behind the WAF or have I missed something…

Hi We're hosting a Website behind the "Web server protection" (WAF) on a Sophos XG. Now our contrator is planning to update our website to use http/2. He asked if that is ok and whether the WAF support http/2. I only found information about Sophos…

Hello all. I'm trying to add a new "Protection Policy". When I fill in everything and press "Save"... nothing happens. I think the "Save" button goes from a dark blue to a lighter blue, but nothing saves, no messages, no refreshes, nothing. No feedback…

Hello, I'm having some trouble wit the webserver protection for an Exchange 2016 Cluster. We're running a brand new XGS3300 firewall cluster in our datacenter with 10 Gig internet connection. I've configured only IPS rules for the Exchange Webserver…

Hi there Last week, my wildcard certificate expired. No biggie. Got a new one, imported it into the firewall, everything ok. When I selected the new certificate in my WAF rules, I was able to save this configuration and expected the firewall to use…

Hello everyone, is Sophos WAF okay with redirecting http://wwww:aaa to https://wwww:aaa ? It seems to be okay with default http and https ports, but not working with non-default ports

Hi, I'am lokking for some help to come over a problem with Exchange 2019 and WAF with static URL hardening. I use this poular documentation here: https://www.frankysweb.de/sophos-xg-18-webserver-protection-und-exchange-2019/ and it did not work as…

hi i have two server using https mail server and web server when i want to access from outside to the sever web it load always the mail server, and when i change port to 80 it work but i want to use https for web server. pls any help i have sophos…

Hi guys I have a general and maybe basic WAF / reverse proxy question: I do use some ressources from WAN-side by setting up a "simple" Firewall and DNAT rule to port-forward these ressources. Clients that match the firewall rule have access by calling…

Hello We're trying to use a Webserver behind web server protection (Sophos XG) where clients have to authenticate themself with a certificate. We're able to reach the Website and we can authenticate with username and Password. But, however, our clients…

Hi, my website got some serious attacks from different locations. Can I secure my website with Sophos Firewall? My site url is https://www.autoreinigung-noack.de/ . Any help will be appreciated

Hello everyone. I have enabled a WAF protection policy on my website. And now I have some WAF anomaly. Problem is I can't find the reason of the anomaly. Here is the log that I have in the log viewer : 2022-06-18 12:00:41Web server protectionmessageid…

Hi to all, We have configured WAF for WEB Protection Rule but when a operator try to upload news content on web upload the Sophos XG Denies to upload news content to published, see the denied log. /Media/InsertContent/11224 WAF…

Hello Community, we had the problem with the WAF of our firewall. We cant sent mail with a attachement size over 1MB. My collegue Denis Neugebauer find a solution in some other forums. Here is the solution (in German -> use DeepL.com): # Vorwort…

I'm getting following error in WAF-log: ModSecurity: Request body no files data length is larger than the configured limit (1048576) Is there a new switch in gui or command line to increase 1 MB limit in V19? There were forum posts some years and…

Hello everyone , I have a problem with my WAF rules. It no longer works, the problem happened all of a sudden without me changing anything on my configuration. Only forward port rules work correctly. I have already rebooted my router. I even deleted…

Discovered a scenario that I can't get working in Azure, which seems like a limitation on the XG. We setup a policy-based VPN to one of our customers which needs to access one of our web-apps. The customer requires that RFC-1918 is not used in VPN traffic…

I am trying to get my ActiveSync setup to work across my Sophos XG 18.5.3 MR-3 install. I follow the recipe found at https://support.sophos.com/support/s/article/KB-000040209?language=en_US When I try to save the firewall rule mentioned towards the…

We have a web server that sends websocket requests when being accessed. We are able to make it work through HTTP traffic, but when we got an SSL certificate to make it HTTPS, the websocket requests fails. I have tried using Path-Specific Routing to…

Hello guys. I am using waf and I noticed that when Rewrite HTML is checked javascript is not loading. For example I have a phpsysinfo script running. When I access it, while it is supposed to use bootstrap to display the page, it redirects me to the…

Dear Sophos, I am operating a matrix.org synapse backend, and for federation to work properly it is important that the apache virtual host is configured with the "nocanon" option. My assumption: Normally, mod_proxy will canonicalise ProxyPassed URLs…

Hello, I am trying to set up kind of a "blue-green" deployment environment for our website. We already have a working web server and a firewall (WAF) rule pointing to this web server. I've added a second "web server" and I now see it in the list under…

I have two public IP addresses behind a sophos XG, I need to publish two web servers in the DMZ zone. I created the publishing rules for both servers. only access to web server 1 is allowed from IP1 address. access to web server 2 from IP2 address is…

Hello eveyrone, I have created a WAF rule on all my Website, which is in "moitor" mode : I went to reverseproxy.log to see if I had errors, warning... and I have many many logs like : [cookie:error] [form_hardening:error] [security2:error…