• TCP Retransmission / RST, ACK - some websites not answering

    FJay
    FJay
    Hello, I have a strange behaviour with Sophos XG. It is happening now on 2 sites. On one site I Have HA (A/P) XG2300 with v19 MR-1. On second I have HA (A/A) XG2100 with v19. I tried 18.5 MR-3 with the same issues. Most of the traffic seems…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Certificate Office365

    Gilang Ramadhan
    Gilang Ramadhan
    I have a problem with Sophos XG and Office365. some computers pop up a warning like the following when opening Ms. Outlook.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos v19 - Web Proxy or DPI-SSL web filtering & DNS requests

    ADJ
    ADJ
    Hi, I have a question about Web content filtering using either Web proxy or DPI-SSL and DNS requests/resolution. I have Sophos firewall set up in bridge mode with Netgear router as the gateway and for DNS. The Netgear router handles DHCP and DNS…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DPI / TLS Scanning exception issue with d1. d2 d3.sophosupd.com when installing Intercept-X for Mac

    LHerzog
    LHerzog
    Hi, today we're facing something new: issues when rolling out the Sophos Endpoint to Mac Books. Windows Endpoints: no problem. They fail to install. Workarounds like https://support.sophos.com/support/s/article/KB-000044045?language=en_US were unsuccessful…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to block Tiktok App

    frankyhertz
    frankyhertz
    Hi I'am unable to block Tiktok application and can't even find it in application control. Please help... Thanks...
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • TLS handshake fatal alert: certificate unknown(46).

    ScHwAnG86
    ScHwAnG86
    Hi, I am seeing these errors in the log for some websites which tend to utilise tracking information, particularly those which utilise a CNAME record to point to another address. For example, the website t.myrenews.com.au is a CNAME that resolves…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PDF generate from our web server behind firewall alwasy blocked

    Disko_boyolali
    Disko_boyolali
    i have server that run code javascript or something that generate pdf file for download or view but alwasy faild or error my server using local addres nat behind the sophos xg. What shoud i have to do to white list this action
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Internet pages suddenly no longer work 502

    Chriz
    Chriz
    Hello, since today suddenly several internet pages do not work anymore. The browser gives the error message: HTTP ERROR 502 The page is e.g. https://www.ista.com/de/ Firewall is a XG115w (SFOS 19.0.0 GA-Build317 Do you have a solution? Thanks…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SEC_ERROR_EXPIRED_CERTIFICATE for web proxied sites

    Tim M
    Tim M
    Hello, I am a home user of the Sophos XG firewall - SFVH (SFOS 19.0.0 GA-Build317) - and use it to proxy specific sites... one of those things I proxy is google and youtube. Recently, it seems that the certificates that my appliance creates have expired…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG550 (SFOS 19.0.0 GA-Build317) : problem with Web filter, RDP connection block after upgrade

    Daniele Basilico
    Daniele Basilico
    Hi, after upgrade from SFOS 18.5.3 MR-3-Build408 to SFOS 19.0.0 GA-Build317, without changes to the policy, we have a problem with connections in vpn ssl, RDP connections (tcp 3389) are blocked. T he logs indicate that RDP connections are blocked by…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG FW - Some users have "Not Secure" notification in browser even though all sites are HTTPS

    Sophos User6227
    Sophos User6227
    XG FW - Some users have "Not Secure" notification even though all sites are HTTPS Users are authenticated and internet is working, however, no matter which site they go to it always says "Not Secure" "This site has a valid certificate, issued by…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Web Proxy vs DPI

    SophosNewby
    SophosNewby
    Hi Everyone, I finally moved our XG over to version 18 yesterday and no hiccups. My question is I am wanting to get SSL/TLS Inspection setup correctly for our environment and I noticed when I toggled of SSL/TLS inspection->ON, it must automatically…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How often does Sophos check the accuracy of the geoip database?

    rfcat_vk
    rfcat_vk
    DHi folks, I was investigating an unknown country ip address and found that it belongs to cloudflase in the US. Cloudflare being like AWS etc as a large supplier is cloud servers I would think that the geoip database should be easily updated. If the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Why when blocking https does that stop access to the XG GUI?

    rfcat_vk
    rfcat_vk
    Hi folks, due to a little accident I added https to a drop firewall rule, that stopped the vpn from working and also all other devices using https on that network. I was connected to the GUI at the time and lost the connection. Why did the connection…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Parallels Access for Mac

    Brian1941
    Brian1941
    I've continued this post in "Looking at awarrenhttp_access.log for FQDNs" as I was having problems doing that, and through that post I found a domain that pointed me in the right direction, but is still ongoing in trying to fix the issue with Parallels…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Allowing Whatsapp Calls in Sophos XG

    Christiaan du plessis
    Christiaan du plessis
    Hi all. I'm running Sophos XG Home Edition ( SFOS 19.0.0 GA-Build317). Whatsapp Calls are being blocked, I have no Web Policy or Application Control being used by Firewall rule. Any services are allowed from LAN to WAN. Can't see that anything…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • HTTPS-Scanning some Website-Certs unvalid (expired)

    Mr.Roboto
    Mr.Roboto
    have a strange problem here with an XG cluster. On 07.06.22 there was a problem with the onsite NTP service. After the failure, which lasted about 5 minutes, some websites such as google.com can no longer be accessed in a browser because the certificate…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Suggestions for how to enable SSL decryption to enable additional protection

    Christian Sosa1
    Christian Sosa1
    Hello, I would like to enable SSL decryption and I am hoping to have this rolled out before July. There is a mix of all kinds of devices: I think I handle certificate installation on most devices. I know I won't be able to do that on some devices…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Software Agenda und Sophos XG ich komme nicht weiter

    Ralf Blüthner
    Ralf Blüthner
    Hallo, ich versuche gerade die Software AGENDA upzudaten, aber leider sagt mir die Software: keine Verbindung zum Internet...ich habe aber Internetverbindung. Die Beschreibung in der Agenda Hilfe ist auch nicht wirklich aussagekräftig: hier mal der…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DPI issue with AnyDesk Software

    LHerzog
    LHerzog
    We're having an issue with anydesk beeing blocked in DPI due to invalid Certificates. Anydesk uses own certificates, not trusted anywhere but in their software. CN = AnyNet Root CA CN = AnyNet Relay Both seem to have the same fingerprint: 9e:08…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Websites load slowly or not at all without Web-Proxy

    SM-ITM
    SM-ITM
    Hello, we have the problem that in general all websites load slowly and many others do not load at all. We use version 19 (SFV4C6 / 19.0.0-B317) as VM in Hyper-V. Here are some examples of websites that cannot be accessed at all: https://icloud…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Lots of "Invalid Traffic" being dropped to Office 365 servers.

    Kat Kilbane
    Kat Kilbane
    Hey folks! I have a XG firewall on 18.5.2. For the last year or so, we have been having trouble with random users being prompted to put their Outlook password in for the desktop app. I have been chalking it up to Microsoft being eh. But this week it has…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Security Features > Web Filtering - Best practice for BYOD Devices

    Daniel Hargrove
    Daniel Hargrove
    Hi. I am looking for some advise around the best practise for Web Filtering for a BYOD network. We have a seperate network setup on our XG for residents who connect their own devices which are mainly mobile devices. We have a firewall rule crated…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG Firewall DPI

    Nikita Baranov
    Nikita Baranov
    Hello everyone, I was trying to enable DPI feature inside of the existing rule, however Malware scanning section is missing in my case. Please see screenshots attached for comparison.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Firewall - GEO Blocking is equal to Webfiltering?!

    Valvaris Sigma
    Valvaris Sigma
    Hello Sophos-Community, I own a Sophos XGS 126 [ SFOS 18.5.2 MR-2-Build380 ] and am happy with it. After tinkering with a few settings, I found something odd and wanted to ask if this is intended? (SSL Inspection = ON - DPI Engine Active - Added Rule…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>