Hi everyone, We're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates. When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure…

Hello. Recently, a bunch of my locally-generated certificates have expired and I am having trouble finding a way to renew them. I am using the firewall's local CA to make certificates for WAF rules and the web-admin console. You'd think there would…

I successfully obtained 5 certificates from Lets Encrypt with th new V21 feature. I can use these in my web application firewall rules and they work fine. But in "Administration/Admin console and end-user interaction" only an uploaded wildcard certificate…

Hi, I'm facing a new issue: After deploying new Firewall the fresh instance cannot be synchronized with Central. Device keeps hanging on state connected The default certificate seems to be invalid (Namibia???) After editing the default authority and…

We currently use an SSL certificate from Digicert for IPSec VPN access for users. When migrating from an XG 210 to and XGS 2100 do I need to buy a new certificate or will the current certificate transfer over during the migration? Thank you.

Hi, we uploaded a certificate from our domain provider, but it's showing not trusted.

Good day I have client with XG 230, the They don't have an Active Directory, is there a way to install ssl appliance certificate to all machines.

Does regenerating the Appliance Certificate affect any other access besides SSL VPN? This is my issue, we recently had our XG210 replaced and rebuilt the new unit with a backup. Prior to the firewall failure SSL VPN has been my goto setup for staff who…

Tried to add a certificate to an unmanaged Chromebook device with latest Chrome OS version (someone brought in their own device). Followed the steps as we have used for years. Download the CRT file and open Chrome Security settings and under manager certificates…

Dear Friends: I’ve been following this article because none of my reports were working. Sophos Firewall: No reports show After flushing the reports, it appears as though I never completed the configuration of my WAF certificates. So, I decided…

Good day all.. I have a no-name Firewall running with pfSense and FW Certificate. As my new Sophos XGS87 Firewall does not support pfSense I want to import the existing FW Certificate into Sophos. Problem: as per Sophos website I have to import…

Dear collegues! When we access the Webconsole through the internal network https://xxx.xxx.xxx.xxx:port, the browser recognizes the certificate for https access as not secure. We are using the default Sophos certificate. How should I fix this problem…

Hello, we have multiple environments of Sophos SG and XG Clusters. As we are not able to check every Cluster itself we automated a notification for WAF Certificate Expiration. On SG this is built-in but not so on the XG. I searched a little, and…

In 2018, Sophos integrated Let's Encrypt with their UTM series, leaving XG(S) users anticipating a similar feature. Many, including us, have turned to API solutions due to the lack of progress which is fine. However, the XG API feels less refined compared…

Is there a simple way to replace an expired certificate without having to manually replace it with a valid one in all WAF rules and other places where it is used?

Hi, Our certificate for the site expires today and we've tried uploading a new one and it's imported but it's listed as untrusted. It's an Alpha SSL certificate and our service provider gave us the .csr and .key file. We copied the contents of the…

Hey everybody, as we could not find any working solution in the discussion forum that does the Lets encrypt Process on the Sophos itself, we setup a process to run the whole thing on the sophos firewall it self. Our blog post https://blog.helsinki…

Hi Team, I uploaded a new PositiveSSL Cert (mail.company.com) for our Exchange On-premise email and I am getting an error "Certificate Authority: Invalid or Not Installed" We have a wildcard certificate (*.company.com) and it was recently renewed…

Hi, What am I doing wrong? I have been administrating a new XGS 136 firewall and for some reason accessing the admin console on the LAN side has always reported the https certificate as not valid despite the fact the ApplianceCertificate is trusted…

buenas tardes quiero subir mi certificado ssl generado por godaddy.com y me pide una frase compartida. la cual no tengo idea donde se pone. me podrían ayudar. gracias adjunto imagen

Having issue registering firewall, guides show to clear certs, but im getting a notice saying the touch is not a valid command. Clear certs post Sophos Firewall: Purging expired certs from Sophos Firewall Rest certs post Registration loop thanks…

Our WMS is sending notification emails but they are bouncing on the firewall but there no logs on the firewall The vendor for the WMS system sent us the logs from their side and the certificate being displayed is saying Cyberoam and we are using sophos…

Hallo all, I am currently looking for a lean solution to build a rule per firewall that only applies to authenticated users. I have connected the firewall to the AD and installed the "Client Authentification Agent" on the (Windows) client. The user…

Good Day, I am trying to download our Self-Signed Certificate from the Firewall to deploy to all users to prevent users from seeing a certificate error when signing on to the Sophos Connect SSL VPN. There is no download button on the firewall what…

I have import both Certificate and Root CA in Certificate Authorities Menu. But Certificate status Not Trusted persist. I saw a weird description in subject of certificate appears in Sophos. There is a different description between Certificate Menu…