• Only allow certain devices to use backup ISP when primary ISP is down

    shred
    shred
    I have a primary and backup ISP, with the backup ISP being a cellular-based limited bandwidth plan. The purpose of the backup ISP is for my “critical” devices such as my home server which hosts my alarm system via Home Assistant (so I can still receive…
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Client internet interruptions every 15 minutes

    despich
    despich
    Our environment is Dell Windows 11 workstations "Clients" connected to Cisco 3850 switches that all go out through the internet via our Sophos SF01V (SFOS 20.0.0 GA-Build222) firewall. DHCP and DNS done with local Windows servers. We have about 140 Clients…
    • Answered
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • SFOS 20.0.0 GA-Build222 - Schedule for 2nd WAN PPPoE port not working

    techno.kid
    techno.kid
    Hi everyone, I can confirm that (to me :-) there seems to be a bug if you have more than one WAN interface with PPPoE: The " Schedule time for reconnect" under "Network" -> "Interface" -> WAN-Port will not be respected though it will show correctly…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • SNAT over ipsec not working XGS2100

    Akshay Hegde
    Akshay Hegde
    I am referring this post with similar issue DNS request to DNS over Site2Site VPN I have below setup XG310 -- branch office XG430 -HA -- Head office Now I got XGS2100 - 2nd branch office ( Gateway local ip: 172.16.1.100 ) XGS2100 …
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Internet stop every day on same time on Sophos XG135

    Tihomir Trifonov
    Tihomir Trifonov
    Hello, we have a problem with our client where we put Sophos XG135 with latest update 20.0.0 on their network, like every day at the same time somewhere around 12:30-1pm and in the evening around 7-8pm, the internet stops but Sophos continues to work…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • How to "drop" mails instead of "reject"

    Markus Quirmbach
    Markus Quirmbach
    Hi all! I hope this is just a small question and easy to answer. We have a XGS 2300 with SFOS v20 deployed and we use it as our snmp proxy. We get a lot of mails from "spameri @ tiscali.it" which are rightfully rejected. Now, I would like to set up…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall Communication to Sophos Central

    Randy Cleveland
    Randy Cleveland
    Hi, We have a Sophos XGS107 firewall on a Spectrum cable internet connection. Yesterday mid-morning, we got a notification that the firewall had lost communication to Sophos Central. We called the location where the XGS107 is located and they were…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Site-to-Site VPN Problem Invalid SPI

    Trio Fandi
    Trio Fandi
    Hi, We are using Sophos Firewall XG310 , SFOS v20. It's been 4 month we have established Site-to-Site VPN, and today suddenly our connection is Down with many " Received IKE message with invalid SPI (D3EED417) from the remote gateway " log messages…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • No Access to new VPN Portal

    Wireguard
    Wireguard
    Hi everyone, I have updated my XG to the new SFOS 20 and set everything up according to the knowledgebase article. When I now go to my URL " ">https://firewall.my_Domain.de" , I get a "forbidden" I also have a WAF rule that points to my bookstack. As…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • XGS send EMail Quarantine Digest to all mailboxes

    TechnikBingo
    TechnikBingo
    Hello, I have set up an XGS136 SFOS 20.0.0 at an customer with an OnPrem Exchange 2016, of course set it up with MTA Mode / Reverse Proxy (Thanks for the 1MB Size Limit that is forbidden to edit...) and I am facing issues to set up Quarantine Digests…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Firewall ( SFOS 20 ) block url with 502 bad gateway

    Thomas Meier2
    Thomas Meier2
    Hi there, we want to open the url: https://procurement.cern.ch and get the error: 502 Bad Gateway. If I open the URL without our firewall ( at home...) the website will open ! So the problem is our Firewall with SFOS 20.0.0 GA Build 222. I also…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Missing Firewalls on Central + Stopped Services

    Nanoman
    Nanoman
    Hi! tonight the HA-Cluster disconnected from Central (not together: the AUX 1h later) and on the Firewall the following services are shown as "stopped": - fwcm-updaterd - fwcm-heartbeatd - fwcm-eventd - fwcm-api-execut By the way, only one of the two…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • VPN Portal and Login Security

    FrancescoB
    FrancescoB
    After upgrading to SFOS 20.0.0 GA i activated the new VPN portal. We use only SSLVPN. If SSLVPN is running on port 443 and the VPN Portal on port 444 (or any other), the authentication log displays the correct SRC IP. This allows "Login Security" to…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Clear Memory without rebooting in Sophos XG

    Mitul Desai
    Mitul Desai
    Hi Community, Is there a way to clear memory (RAM) without rebooting in Sophos XG firewall? its firmware is SFOS 20.0. 0 Memory went up to 90% last week. We rebooted the Sophos XG firewall. Then, Memory came back to around 30%. Now it has been running…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • How to Deny Direct IP access from browser ?

    Trio Fandi
    Trio Fandi
    Hi, I need advice how to Deny Direct IP access from browser. So, it only allow access by domain-name. How it done through Sophos Firewall configuration rule? I use Sophos XG 310, SFOS v20.0 Thanks
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • DNS Server Recursive Query Cache Poisoning Weakness | Sophos XGS

    Marcel Jordan
    Marcel Jordan
    Good evening everyone, a customer of mine has currently patched an XGS firewall (SFOS 20.0.0 GA-Build222). The customer had a vulnerability scan with a result of 1 Medium CVSS. Namely: DNS Server Recursive Query Cache Poisoning Weakness www.tenable…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Azure Pfsense 23.09.1 site to site ipsec to on prim sophos SFVH (SFOS 20.0.0 GA-Build222)

    James Sweeney
    James Sweeney
    For a few days now I have been attempting to get a ipsec site to site between these two firewalls and even have the pro customer support pfsense involved. All there suggestions have been unsuccessful in getting the two to talk to each other. all guides…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • What to do in failsafe mode

    FFin
    FFin
    I just had a very bad experience updating XGS126 from 19.0MR1 to 19.0MR3 to 20.0GA in active-passive HA. Node A Primary Node B Aux Update to 19.0MR3 seems to be fine. As Node B updated, restarted and became Primary and Node A updated and became Aux…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Rule change not applied unless restart.

    midnightSun
    midnightSun
    I'm having to restart this system to get Firewall / NAT rules enforced when changes are applied. This seems to happen with quite a few people in the community. I've found sometimes disabling the firewall rule that feeds a NAT rule loads the additions…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • VLAN in a IPsec Tunnel randomly stop communicating.

    sifikelo mkhungo
    sifikelo mkhungo
    Hello I recently upgraded my Sophos XG 2300 to SFOS v20 which is in Head Office, where I am running site to site vpn: IPsec tunnels to 6 branch offices and IPsec Profile is set to Head Office, policy based for all IPsec Tunnels on Head Office firewall…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Site-to-Site VPN

    Domenico Frei
    Domenico Frei
    Hi, I have a constellation with a site-to-site VPN between a Sophos XGS116 and a Sonicwall TZ400 at a customer's. The connection between the two devices keeps breaking down. On the Sonicwall you can also see that the VPN tunnel has been disconnected,…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • AD User permissions not correct using API

    Rodrigue GRIMAUD
    Rodrigue GRIMAUD
    Hello, Using the Sophos API (v20) ( https://docs.sophos.com/nsg/sophos-firewall/20.0/API/index.html ), authentication works whether it's a local account or an Active Directory account. However, when creating a VLAN through the API, an error occurs…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall future Roadmap?

    tom greene
    tom greene
    Its been 4 months since the release of v20. Is there any new roadmap for the future? what new features can we expect?
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Intel X710 10GbE SFP+ (passthrough) not detected

    Dark-Vex
    Dark-Vex
    Hello, I have a Minisforum MS-01 which have two Intel 2.5GbE and two Intel x710 SFP+. I'm using Proxmox and I did a PCIe passthrough of one x710 interface (tick/untick pass all feature doesn't matter) to Sophos XG v20 Virtual Machine. By doing an…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Firewall rules are not working

    Alex K
    Alex K
    Good afternoon I have a problem that when I create a policy for firewalls and it is activated, it does not work. My goal is that I want to block access to the Internet, that is, so that when I go to some web page, my access is blocked, so that a message…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>