Hello, I am looking for a way to regulate internet traffic based on user agents. Unfortunately I don't have control over the devices in our network, so I would like to restrict access to the internet based on the operating system. I read in another…

Hi everyone, I'm new to the XG and I'm running into an issue allowing an EXE download without any browser warnings. I first created an exception using under "web" --> "exceptions" that included a regex: ^([A-Za-z0-9.-]*\.)?lumension\.com/ However…

So does anyone know if Sophos keeps this list updated when you download it ? Also , what happens if you have already uploaded it ? Does it only import the news ones if there are or does it duplicate it ? https://support.sophos.com/support/s/article…

Hi I have a requirement to block some streaming sites such as Youtube from user access. I know it can be done by using the native default Video Hosting Category. However, when we use that, it block all video hosting services. I want to use more specific…

Hi All, I try to add subnet network in Web exception, but it (example: 203.104.150.0/24 ) didn't work. So I have to bypass the subnet network in top firewall rule. Is there any way to bypass subnet network in Web exception? Shunze

We have 1 computer at a client that gets the following message: Your connection is not private. It points to www.googleadservices.com NET:ERR_CERT_AUTHORITY_INVALID When I look at the certificate, it says Issued to: www.googleadservices.com Issued…

Hello ladies and gentlemen, I am having some issues when trying to connect to AAD Connect. I have internet access on the server and the web proxy powershell test succeeds status 200, however when I look at the event logs I see errors when the communication…

Sorry if this is a stupid question, but I'm fairly new to the Sophos firewall world and some things aren't as clear as other vendors. I have a third-party that is publishing a Sage ERP software package for my client. We can authenticate the published…

Is it supported to setup webfiltering for incoming WAN traffic originated in the Internet WAN ZONE?

Hi, We're migrating from UTM's over to XG's. The UTM were able to host a wpad.dat file, and we load balance the address via an F5. The wpad contains ${asg_hostname) , this is then populated by the relevant UTM when the file is downloaded by the client…

I am customizing the blocked pages that users get to see if policies are not met. This went pretty well, up until the point where I tested the download of a fake virus file, and. I customized the Message for block actions in Web -> User notifications…

Hi, I'm trying to set up a rule for Discord traffic but cannot get it working tried to find out from LogViewer what I need to add to the rule but informations I found there are rather confusing - the same traffic (dst addr & port) is once denied and…

If I do a policy test for https://sophostest.com/adult/index.html the Web Protection Category is marked as "Information Technology" If I do a policy test for http://sophostest.com/adult/index.html the Web Protection Category is marked as " Sexually…

Hi, I'm new to XG and am setting up web content filtering. I may be missing something, but I'm trying to set up an "Activities" group adding my own selection of Categories, and I don't see "porn" as a category. I do see "Sexually Explicit", but the…

Hi Everyone I want to use create a custom Category pointing to an external URL database. The category seems to work fine is the numbers of records is relative small (I've tried <200). Does anyone know what the max record limit for external URL database…

Today i was trying to edit a custom Web categorie. This Categorie consists of both URL's as well as keywords. My purpose was tot delet the last keyword in the categorie. This does not seem to be possible. When i delete the last enkeyword entry and click…

Despite this looking like incredibly simple config, I'm unable to get the proxy functionality of the XG working. Is there a trick to it? I can see traffic hitting the XG, being passed along to my ASA, and the ASA returning the traffic. but clients…

SFVH (SFOS 18.5.1 MR-1-Build326) I found an old post that listed things to add to the web content exceptions. I noticed the third one in their list was missing from the exception that was apparently included in the appliance defaults, so I cloned…

In my home LAN I have an XG-125w with SFOS 18.5. My MacBook Pro had a corrupted disk so I had to erase it and do an internet reinstall of MacOS. This procedure downloads a new copy of the operating system and then installs it. To get started, I made a…

Hi. I have a rule for cut the acces on the internet for some pc's, but I need to configure my sophos to upgrade operating system and Windosw defender. I tried whith this list, but doesn't work, any idea or sugestion, please? ^.*windowsupdate\.microsoft…

Hi all, we have installed a new xgs firewall and up to now we trying to keep things save and at a high security level. So we also check Certificate Errors. Today we get an error when access a site which i dont understand. Sophos says TLS Cert is invalid…

I want to exclude one public ip in Geo Blocking rule. Can anybody help me.

I get a 404 error when trying to sign in through Azure when we are not on the office domain. When we get redirected to our local adfs sign-in page the Sophos SSL certificate is being used causing a mismatch and the 404 error. The azure login works correctly…

Hi, is there plan to support TLS 1.3 in Web proxy (port 3128 configured in browser)? Now running 18.5 MR1 and when the web server supports only TLS 1.3 then the connection fails over web proxy. Thanks for info.

I've created a vlan for guest and have assigned to a network rage to vlan, guest must sign in via captive portal using the password of the day. I've also created a web filter policy called guest, I created a firewall rule and assigned the guest policy…