Hi
One of our customers has been advised to disable HTTP trace/track as it is identified in a vulnerability scan.
They have asked the question "what is the impact on the firewall operations?" if the change is made.
This is not something I have come…
Dear Sophos support team, there have been several requests about this topic, but digging through them didn't provide a proper solution. In the past Sophos provided a guideline for the UTM how to publish an Exchange server with WAF. I did not find an equivalent…
Is there a service in Sophos XG that automatically blocks the ip of the client that is trying to brute force access a web server?
That is, if there is, what can be an effective way to prevent brute force attacks on, for example, an apache server that…
Hi together,
i using the Sophos XG Firewall on Azure and where i can allow the Header "X-Forwarded-Proto $scheme"?
I created a Web Server Policy with "Pass Host Header", but the error still there.
Thanks for your support in advance.
Best…
Hi All,
I am clearly missing something here, but Google is not my friend on this one as I cannot find out what. I am trying to install an SSL cert to use in WAF and Mail.
I created the CSR
Downloaded the request
Requested the SSL from GoDaddy…
Hello! I have multiple internet connections to my sophos xg home box. Can i have redundant webserver protection? Im just allowed to select only one "Hosted address", maybe if i duplicate a WAF rule and select the other interface where i want to fallback…
hello,
We want to publish and protect website using WAF, but we want to allow access to this website from certain countries.
But when we add business application rule (WAF) -> Allowed client networks , we can't choose country (only IPs)
what to…
I have a LetsEncrypt certificate with the following parameters (sorry for the substitutions, but there's customer names in the domain/hostnames):
CN = {HOSTNAME1}.{DOMAINNAME1}.de
DNS-Name= * . {HOSTNAME1} . {DOMAINNAME1} .de DNS-Name= {HOSTNAME2…
HI there,
in relation to these WAF country blocking threads:
community.sophos.com/.../enable-country-blocking-for-waf-rule https://community.sophos.com/sophos-xg-firewall/f/discussions/126590/ip-country-block-does-not-work-with-waf
Is this…
Dear Everyone,
I have a problem with WAF Rule , Do WAF Rule working with or without DNAT Rule .
and when Disable DNAT Rule the access to published URL is very slowly and the page load incorrect .
Can anyone help me ?
Thanks in advance
HI All
I configure Sophos XG firewall secondary gateway and I enable failover when the active fails to take over however I couldn't access the sites I publish from outside my network. what I should do in order to work?
Thanks
Perhaps I am missing something simple here, but after setting up WAF for an internal HTTPS server, I am getting the following message when I try to save the rule:
Following domain(s) will not be covered by selected HTTPS certificate
"remote.domainname…
Hello,
when will this finally be solved? I already have 2 customers who have this problem. And it is always a chore to explain to the support what they have to do.
I'm slowly cursing the day I switched to V18. regards BCS
we hosted the server on IIS in the internal network and I assigned a domain name like app.example.com but the problem is while trying to access from outside the network using domain name(app.example.com) the website has not loading
but while trying…
Has Someone a Idea to change the Certificates on Multiple WAF Rules
i have an Single Certificate with Multiple Domains (SAN)
however now the Certificate is Expired and i need to change it, but every time i go onto a WAF rule the Domain List is empty…
Hi Team,
I'm trying to migrate from TMG to Sophos XG. I have 40 web sites, 39 are ok, but 1 is causing a real headache :(
In TMG you can use site path routing for web publishing, and for each rule, decide if you want to send to the real web server…
Hi all,
having Sophos XG with 18.5 SFOS and OWA implemented.
It happens actually that ALL mobile phones from dedicated mobile phone provider (in this case "Deutsche Telekom") gets blocked with
error in WAF logfile: "Bad repution SXL category IPCAT_BOTS…
I have Web app server and i use the waf business rule in order to protect my web app and i specify
one specific public IP address in Allowed client networks in the Access permission tab but after i enable this policy all the public IPv4 hit and pass…
Hello Community,
I've a new firewall installed with a Webserver Protection license enabled. The Sophos License Portal and the Firewall itself shows the license is activated and synced. If I create a WAF Rule I see the message
This feature requires…
Is it possible to use a wildcard and/or path parameter when adding path specific routing rules to a WAF rule?
For example, I would like to have my default rule `/` route to one server, and something like
`/my/route/*/xyz`
or
`/my/route/{id}…
Hi there,
Hope that someone can help me out, i am probably doing something stupid. I used to work with UTM and had no issues. Im switching to XG v18 and it seems no matter what i change, all virtual websites that i create are going to my exchange server…
Hey Guys,
we are using WAF to publish our Exchange (OWA). One of our users LTE-Router IPs gets rejected with 'Bad Reputation'. Is it possible to exclude one IP from the bad reputation filter in the WAF?
Thanks in advance.
I have the same issue posted about here XG WAF stops working without error - Discussions - Sophos (XG) Firewall - Sophos Community . All WAF rules stop being processed seemingly random. This has been an issue since upgrading to v18.0.4. I am currently…