Hi, I have a defective XGS2100, an RMA has been opened and a new product will be sent back to me. When it arrives I will do a configuration restore starting from the backup of the faulty one, but two questions arise: 1) I have 5 RED20 devices connected…

Hello, I want to replace an SG firewall with an XGS. I donwloaded the wildcard certificate (.pem) and the certificate of the CA from the SG and uploaded them on the XGS. Though the the wildcard certicicate doesn't trust the CA. How can i solve this…

Hi, We have one VMWare server protected by this Sophos firewall. All our enterprise web applications are hosted on this server. Now, after accessing these enterprise applications, even though they are passing through the firewall, we are getting…

Hi I cant find anything recent on this in the forums. Im looking to purchase a wildcard certificate for securing several things. Are there any issues i need to be aware of using either a comodo positivessl (cheaper) or essentialssl? I would…

XGS 136 and 19.x firmware. Didn't find universal info how to generate proper CSR and how to import the public SSL Certificate to XGS For Request / Subject name attributes: Common name: domain name or FQDN including the host name? For Request / Subject…

If I upload a new certificate because it's just been renewed, and then select that certificate in an existing firewall rule for web protection, it automatically deletes all the domains I've associated and puts in the ones it's found in the certificate…

I have a local web server i would like to publish it so i can access it from outside via port 443 , i've already generated an ssl certificate and i would like to use it via Sophos FW . is it possible to do it via WAF and attach the new SSL certificate…

Hi all, We have a Sophos XGS firewall and we have imported a self signed certificate from our organization to the firewall which is used for the admin console and user portal under Admin console and end-user interaction -> certificate. We have also…

I HAVE A WEBSITE ON MY LOCAL SERVER 172.16.1.1 port 80 , and it's working when i try to access it from the internet but only with http ; when i choose https 443 it shows an eeror msg 'this webisite is unsecure click on link to proceed " ; so i brought…

Hello, Is there a SSL expert in the house? I was on a PUBLIC WiFi AP yesterday and was shocked to find out my websites SSL from DigiCert was not used. In fact, the WiFi said that my SSL Certificate is coming from Sophos. Below I will display what…

Greetings everyone! This is my first time installing a renewed SSL certificate for our email server in our new XGS firewall. Where are all the places the new certificate needs to go? I've uploaded it in certificates. Applied it in email general…

Good Afternoon, We have recently performed a migration from Sophos UTM to Sophos XGS and I am currently working on re-instating the SSL VPN service for use by our third party support companies. We operate two DCs with services either 'homed' in a specific…

Greetings everyone, In XG firewall, I need to install and configure a renewed SSL certificate from Go Daddy. We have an Exchange server on premise. I've uploaded it into certificates. Applied it in firewall HTTPS OWA SMTP rule. Applied it in email…

Our customer recently updated the windows system patch. After the update, open the Outlook client, and always pop up a certificate warning. As shown in the figure below, please help analyze the cause of this problem, whether it is related to XG Firewall…

Hello, do you know if is possible to use a third party wildcard certificate to configure an SSL remote access on an XG firewall? Thank you in advance, Marco.

I am currently using SFOS 19.5.1 MR-1-Build278. I am hosting Emby (similar to Plex, I used Plex as it is more popular) container on my Qnap NAS, being protected by WAF. I have my own domain name from Porkbun, and I was able to generate SSL (Letsencrypt…

Hi foks, I am running v19.5.1 on the XG and macOS13.3 on the mac book pro and mc air. A couple of sites no longer work and the default is https even though I enter hrttp.If I use a hotspot the issue is not observed. I have a mac mini in which the…

Noticed some issues today with some popular SSL sites (linkedin, live, . These issues existed for some days but no one complained. The traffic was scanned by TLS/DPI engine and the servers had certificates issued by "DigiCert SHA2 Secure Server CA"…

We're having a strange situation again after it happened last week already on our SFOS 19.0.1 XG430: Some users browse to a website that has no exceptions on our firewall for decryption. The browser (firefox or chrome) show an error that the site…

I uploaded the certificate in every format (.pem,.pfx,.Cer) but none of showing trusted and always showing RED (X) in trusted for certificate issued from Digicert website. Please assist me to fix on this issue at earliest. Please find the attached screenshot…

Hi, purchased an XGS2100 to replace our SG230 for our Public WiFi connection. The device is not on a domain and has its own internet connection. It is only used for members of the public to get access to the internet on their own personal devices…

Hi folks, we are currently in the rollout of SSL-VPN Configurations and noticed performance issues at users which are using LTE Internet connections with latency. So we want to improve performance by switching from tcp to udp at the sophos firewall…

hi, i have XG430 , created a firewall rule and selected with following web filtering checks: Block QUIC protocol Scan HTTP and Decrypted HTTPS Scan FTP for Malware Decrypt HTTP during web proxy filtering. SSL and TLS inspection is enabled when user…

Remote Access VPN IPSEC with Authentication type certificate does still lead to invalid connection .scx file on SFOS 19.5.0 GA-Build197, SFOS 19.5.1 MR-1-Build278 and SFOS 19.5.2 MR-2-Build624 if the "Organization name" in the Certificate does contain…

I have been using SG135 UTM for 5 years and I decided to upgrade to XGS136. Just like in the UTM, I want the web admin certificate to be valid. I have made a locally signed self-certificate, installed and trusted but I'm still having issues above. I have…