• Disconnect site when quota timed out

    OldMtnGoat
    OldMtnGoat
    XG SFVH (SFOS 20.0.0 GA-Build222) I have set up a web policy with quota for gaming. I would like it to disconnect user from site after time is used. The way it works now is the user can continue playing as long as they logged in before the quota time…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • How to Deny Direct IP access from browser ?

    Trio Fandi
    Trio Fandi
    Hi, I need advice how to Deny Direct IP access from browser. So, it only allow access by domain-name. How it done through Sophos Firewall configuration rule? I use Sophos XG 310, SFOS v20.0 Thanks
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • DNS Server Recursive Query Cache Poisoning Weakness | Sophos XGS

    Marcel Jordan
    Marcel Jordan
    Good evening everyone, a customer of mine has currently patched an XGS firewall (SFOS 20.0.0 GA-Build222). The customer had a vulnerability scan with a result of 1 Medium CVSS. Namely: DNS Server Recursive Query Cache Poisoning Weakness www.tenable…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Azure Pfsense 23.09.1 site to site ipsec to on prim sophos SFVH (SFOS 20.0.0 GA-Build222)

    James Sweeney
    James Sweeney
    For a few days now I have been attempting to get a ipsec site to site between these two firewalls and even have the pro customer support pfsense involved. All there suggestions have been unsuccessful in getting the two to talk to each other. all guides…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • What to do in failsafe mode

    FFin
    FFin
    I just had a very bad experience updating XGS126 from 19.0MR1 to 19.0MR3 to 20.0GA in active-passive HA. Node A Primary Node B Aux Update to 19.0MR3 seems to be fine. As Node B updated, restarted and became Primary and Node A updated and became Aux…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Rule change not applied unless restart.

    midnightSun
    midnightSun
    I'm having to restart this system to get Firewall / NAT rules enforced when changes are applied. This seems to happen with quite a few people in the community. I've found sometimes disabling the firewall rule that feeds a NAT rule loads the additions…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • VLAN in a IPsec Tunnel randomly stop communicating.

    sifikelo mkhungo
    sifikelo mkhungo
    Hello I recently upgraded my Sophos XG 2300 to SFOS v20 which is in Head Office, where I am running site to site vpn: IPsec tunnels to 6 branch offices and IPsec Profile is set to Head Office, policy based for all IPsec Tunnels on Head Office firewall…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Site-to-Site VPN

    Domenico Frei
    Domenico Frei
    Hi, I have a constellation with a site-to-site VPN between a Sophos XGS116 and a Sonicwall TZ400 at a customer's. The connection between the two devices keeps breaking down. On the Sonicwall you can also see that the VPN tunnel has been disconnected,…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • AD User permissions not correct using API

    Rodrigue GRIMAUD
    Rodrigue GRIMAUD
    Hello, Using the Sophos API (v20) ( https://docs.sophos.com/nsg/sophos-firewall/20.0/API/index.html ), authentication works whether it's a local account or an Active Directory account. However, when creating a VLAN through the API, an error occurs…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall future Roadmap?

    tom greene
    tom greene
    Its been 4 months since the release of v20. Is there any new roadmap for the future? what new features can we expect?
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Intel X710 10GbE SFP+ (passthrough) not detected

    Dark-Vex
    Dark-Vex
    Hello, I have a Minisforum MS-01 which have two Intel 2.5GbE and two Intel x710 SFP+. I'm using Proxmox and I did a PCIe passthrough of one x710 interface (tick/untick pass all feature doesn't matter) to Sophos XG v20 Virtual Machine. By doing an…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Firewall rules are not working

    Alex K
    Alex K
    Good afternoon I have a problem that when I create a policy for firewalls and it is activated, it does not work. My goal is that I want to block access to the Internet, that is, so that when I go to some web page, my access is blocked, so that a message…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • changing physical LAN ports to a different interface.

    Network Inter-State
    Network Inter-State
    I'm upgrading my firewall and trying to figure out a simple way to switch my regular LAN from port1 to portF1 after importing the backup. I want to upgrade from the regular 1-gig connection to a faster 10-gig SFP connection. The tricky part is that there…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • (SG210 SFOS 20.0.0) What does weight signify with backup gateway?

    FlashErickson
    FlashErickson
    Hey everyone, I'm just wondering what weight is meant to represent when it comes to a backup gateway? Is it a percentage thing? Meaning if the primary gateway goes down, the backup will handle 20% of traffic?
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • /dev/var getting full -> no space for logs

    Quallensaft
    Quallensaft
    Sophos XGS 3300 v20.0.0: - got the watermark message that the 80% report limit is reached /dev/var 179.7G 142.9G 36.8G 80% /var - when checking the content of /var 12.0K WING 20.0K archieve 235.2M avira4 7.5M certcache 8.9M common-password 1.7M conf 4…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • No SSL S2S Tunnel after SSD Upgrade

    PifPof
    PifPof
    Hello Folks, a customer installed the ssd upgrade and after the reboot all ssl site-2-site tunnels don't work. ssl remote access works, ipsec tunnels are working. here are some lines from the sslvpn.log: we created a new connection, same issue…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • IPv6 LTE Router Telekom

    PifPof
    PifPof
    hi Community. we have a lte router with a static IPv6 IP-Address on the WAN-Side. I turned on the DHCP for IPv6 as you can see below: and as you see, the xgs gets an ipv6 address: The Sophos Cluster has v20 installed and I can see the cluster…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • HA interactive: "Peer administration IP" and "Interface IP address" must be in the same network

    LHerzog
    LHerzog
    I try to setup interactive HA on XGS 126 SFOS v20 I used to setup devices this way, now I must use the same IP range for HA and management? The HA Link should be /30 network with only the HA IP - why must the management IP be in the HA network? …
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Issue accessing some website since a few days

    Christian Briere
    Christian Briere
    Hello! Sophos SG310 V2 ISP: Cable: 940/50 I was running V20 GA for a couple of weeks, but I was seeing alot of glitch with online gaming and sometiems website would take a little longer to load. I saw also in the FW alot of Could not associate…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • SSL VPN : MAC Address and User Active Duration

    Trio Fandi
    Trio Fandi
    Hi, Currently we are using Firewall XG310 and SFOS v20 . My question is : 1. How to bind vpn user mac-address without asking their mac-address manually? Could sophos FW detect it automatically ? 2. Could we set vpn user state duration ? Example…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Trusted MAC address CSV

    abish
    abish
    Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But, To enable it for all the hosts there will be a lot of trusted MAC addresses so adding them manually is a time-consuming process. So I came across this article…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Problem with 2 Wan link Manager

    Viatory
    Viatory
    I am using Sophos Xg 125w V20 and i have configured two Wan link Manager. Wan link manager1 as my ISP and Wan link manager2 for Vlans and i want all my normal browsing to go through wan link manager1 instead of each of my computer on my network to select…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Firmware menu related device security

    Akshay Hegde
    Akshay Hegde
    1. Is there any option to disable Firmware Menu ---> Factory Reset option ? 2. Is there any option to disable COM port ? We're managing through cloud central. We Also want to disable these two option as its deployed in branch office.
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS 3100 LAN to LAN using NAT

    sbay
    sbay
    Today we want to replace our old UTM with an XGS 3100 cluster. In advance, we had created rules manually. But we were only able to test it today. We have a LAN port 1 (192.168.2.0/24) and a 2nd LAN on port 7 (192.168.201.0/24) When I access 192.168…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Sluggish performance after 15 days up time with SFOS 20.0.0 GA-Build222

    shred
    shred
    This is the first time I've observed anything like this with the 3+ years I've been a Sophos XG home user. I upgraded to the latest build 222 about 15 days ago, so my run time has been about 15 days. Over the past several days I've noticed some weird…
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>