Tried to add a certificate to an unmanaged Chromebook device with latest Chrome OS version (someone brought in their own device). Followed the steps as we have used for years. Download the CRT file and open Chrome Security settings and under manager certificates…

Dear Friends: I’ve been following this article because none of my reports were working. Sophos Firewall: No reports show After flushing the reports, it appears as though I never completed the configuration of my WAF certificates. So, I decided…

Case is not resolved. Please open the case. Sophos team has migrated cyberoam to Sophos firewall & Its working properly from last 3years with Cyberaom certificate which expiry is 2036. The issue is Sophos connect 2.3 is not working but 2.2 & 2…

Hi everyone, I'm enforcing my TLS inspection rules to more strict and secure with best practices. So my Decryption Profile: Using https://badssl.com/ for tests scenarios I had success in almost all practices: invalid date working as…

Hey there, on old SUM Firewalls there was an SSL VPN Installer incl. configuration on Userportal. When you have installed this, you got an openvpn.cfg file and the user certificate. I have changed our Firewall to an XGS and now i need the new…

Good day all.. I have a no-name Firewall running with pfSense and FW Certificate. As my new Sophos XGS87 Firewall does not support pfSense I want to import the existing FW Certificate into Sophos. Problem: as per Sophos website I have to import…

I'm aware of the KB that states when it is required to re-download the SSLVPN configuration when changing global settings but it doesn't specify the certificate as one of these things. So what happens if you renew an active certificate before it expires…

Good Eve. Trying to connect to a network switch via https. Error page : The trust status of this website's certificate could not be securely established. About this request URL: https://somePublicIP Certificate details: Valid From: Feb…

Dear collegues! When we access the Webconsole through the internal network https://xxx.xxx.xxx.xxx:port, the browser recognizes the certificate for https access as not secure. We are using the default Sophos certificate. How should I fix this problem…

Hello! I know that a few years ago there was a feature request on the currently retired Sophos's ideas portal, regarding remote access SSL VPN with certificate only based authentication, for Sophos XGS firewalls. Does anybody know if it's possible right…

Hello, we have multiple environments of Sophos SG and XG Clusters. As we are not able to check every Cluster itself we automated a notification for WAF Certificate Expiration. On SG this is built-in but not so on the XG. I searched a little, and…

In 2018, Sophos integrated Let's Encrypt with their UTM series, leaving XG(S) users anticipating a similar feature. Many, including us, have turned to API solutions due to the lack of progress which is fine. However, the XG API feels less refined compared…

Last year or so ago we had a case regarding this issue. Once again a vendor conducted a friendly PCI scan on our public interfaces and send us a notice of Non-compliance. The robot scanner is seeing the self-signed appliance certificate on PORT 3400…

Is there a simple way to replace an expired certificate without having to manually replace it with a valid one in all WAF rules and other places where it is used?

Hi there, I have a single static public IP that I'm using for SSL VPN incoming connections and for exposing a host (PBX) along with the following services: 80, 443, 5060, 5061, and RTP range 9999-15000. The PBX manufacturer provides a DNS service…

Hi, Our certificate for the site expires today and we've tried uploading a new one and it's imported but it's listed as untrusted. It's an Alpha SSL certificate and our service provider gave us the .csr and .key file. We copied the contents of the…

On Sophos Firewall, if I update and regenerate the default CA, what are the implications? I have a firewall that is setup, the default CA hasn't been customised so far. I need to setup a S2S IPsec VPN with certificates and wanted to customise this before…

While troubleshooting a SSL VPN connection I tried different certificates, which I successfully added as "trusted" in the Certifcates section of the WebUI. When I download the ovpn-config file from the VPN portal I found that every time I try a new…

Hi, One thung bothers me regarding SSL certificates. I will have some 30 SSL VPN users on XGS , and I intend to install commercial SSL certificate. But it only has 1 year validity. Does it mean I will need to push .OVPN config to end users every year…

Dear All, I am facing with a Problem in sophos xg web server Protection, I have created all needed ruls and upload the ssl certificat to xg but in web application rule under the Host server when I select the HTTPS in the dropdaown menu I dont see me…

I have a dedicated VLAN in our network and a dedicated AD username for guest users. I am not using Sophos wireless network, I use another brand wireless network. I am using SFOS 19.5.3 Every time my guest users browse the internet after logging into…

Hey everybody, as we could not find any working solution in the discussion forum that does the Lets encrypt Process on the Sophos itself, we setup a process to run the whole thing on the sophos firewall it self. Our blog post https://blog.helsinki…

Hi, We have a XGS2300 (SFOS 19.5.3 MR-3-Build652 with an SSL Remote Access VPN with OpenVPN clients. Not sure if this was a Sophos or OpenVPN issue but I had to start somewhere. I had a user call last last night with a Peer Certificate Verification…

Hi folks, a question about decrypt and scan that has me puzzled for sometime. The users have the XG certificate installed and functioning correctly except for Apple sites. I have web policies blocking advertisements and use the XG proxy, this functions…

Hi Team, I uploaded a new PositiveSSL Cert (mail.company.com) for our Exchange On-premise email and I am getting an error "Certificate Authority: Invalid or Not Installed" We have a wildcard certificate (*.company.com) and it was recently renewed…