• Firewall (>ERROR:FAILED opcode status message: MarkForDelete Operation execution failed)

    Jaundre Weber
    Jaundre Weber
    Hi All. I have a XGS136. - Reporting DB shows 100% I have tried purging the reports as well as attemting to delete the files manually but no success. I ran the below and did a purge and I am getting this error: (tail -f /log/reportdb.log /log/iview…
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • Lets encrypt renew fail

    EinMarco_DE
    EinMarco_DE
    Hi everyone, We're using the integrated Let's Encrypt feature in SFOS V21. We've noticed some strange behavior when it comes to renewing certificates. When the firewall attempts to renew the certificate, it fails with the message: "Reason for failure…
    • Answered
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • Renewing Expired Certificates

    haydenspence
    haydenspence
    Hello. Recently, a bunch of my locally-generated certificates have expired and I am having trouble finding a way to renew them. I am using the firewall's local CA to make certificates for WAF rules and the web-admin console. You'd think there would…
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • xg firewall rule for nvr

    SATPAL BHATIA
    SATPAL BHATIA
    Dear Team, How to configure NVR rule on firewall. So that I can access the cameras through static IP from anywhere. Regards, Satpal.
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • UTM 9 to SFOS21 Migration

    Daniel Santner
    Daniel Santner
    Dear all, I found a Migration Tool on Github and did everythink like the Instructions told me to do. Here is the Link to the tool: https://github.com/sophos/Sophos-Migration-Utility-CLI Now I have a Problem, when I want to Import the "Export…
    • Answered
    • 23 days ago
    • Sophos Firewall
    • Discussions
  • IPSec VPN - Branch1 to Branch2 connectivity via HQ

    Gary McDonald
    Gary McDonald
    Hello All, I have 2 branch offices and one HQ office. I would like branch 1 to be able to communicate with branch 2 VIA the Sophos XGS appliance in the HQ. Can any body give me any pointers for the best way to achieve this. I know I could connect…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • FAILURE MULTIPLE GATEWAYS FAILOVER

    dan ghenea
    dan ghenea
    Very good to all!!! Objective: It is needed that the “SSL VPN” connections of the clients, are allowed to connect through “Sophos Connect” through the main_gateway, and in case of failure of this, they can connect through the backup_gateway. Case…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS und interne DNS Auflösung

    Nico Martin1
    Nico Martin1
    Guten Morgen Leute mir ist aktuell an meiner Sophos v21 die auf einer SG 230 läuft aufgefallen das intern keine DNS Namensauflösungen intern funktionieren. Hier nutze ich verschiedene VLANs . Ich kann intern keine IPs oder Namen auflösen egal ob…
    • Answered
    • 24 days ago
    • Sophos Firewall
    • German Forum
  • CLI Commands for Hardware Diagnostics on Sophos Firewall 2100

    Suhaib Yousef
    Suhaib Yousef
    Hello, I would like to know the recommended CLI commands to perform hardware diagnostics on the Sophos Firewall 2100 . Specifically, I want to test components like CPU, memory, storage, and network interfaces to ensure the device is functioning properly…
    • Answered
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS SNAT IPSEC LAN2LAN VPN

    OTWolf
    OTWolf
    Hi, ich hatte eine SG230 und hier einen VPN IPSEC Tunnel zum Kunden. Hier wurde gewünscht, dass unsere Daten nur von einer IP Adresse gesendet werden. Somit hatte ich hier einen SNAT hinterlegt. Die Kollegen haben sich mit einem Service-User per SSL…
    • 24 days ago
    • Sophos Firewall
    • German Forum
  • v21 Let's Encrypt Cert creation and renewal fails, whan NAT Rule for HTTP/HTTPS exists

    PCPCH
    PCPCH
    On one of our XGS-firewalls, we need a NAT rule for HTTP/HTTPS. On this firewall, it's not possible to create or renewal a Let's Encrypt Cert. We need to disable the NAT rule, then it works to create/renewal the certificate. But this can't be the…
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Unable to access captive portal using Lets Encrypt certificate

    Tyler VanDorn
    Tyler VanDorn
    Problem: When I go to the portals from my LAN zone I can get into all of them except the captive portal. Ports 4443 (user) , 4444 (admin) work. Port 8090 gives me an error in the browser: Firefox v133.0: PR_END_OF_FILE_ERROR Chrome v131.0.6778.87: ERR_CONNECTION_CLOSED…
    • Answered
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Define exception for email protection in MTA mode with *.outbound.protection.outlook.com

    PhilippRusch
    PhilippRusch
    Hello, We are using onbox email protection with our SFOS 20.0.2, XG-System. I defined an FQDN-Host object as having the FQDN-wilcard *.outbound.protection.outlook.com. This object is listed correctly under the tab "FQDN-Host" at the "Hosts and Services…
    • Answered
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall Blocking Page

    Kramnai
    Kramnai
    Hi! I am currently exploring Sophos based on my prior experience with it back in 2014. I am gradually migrating from my MikroTik setup to a Sophos Home Firewall, primarily due to its advanced security features. I have set up Sophos Home Firewall on…
    • Answered
    • 24 days ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection C2/Generic-A

    Edward Raja
    Edward Raja
    Hi , We are facing this issue. Any solution for this?
    • 25 days ago
    • Sophos Firewall
    • Discussions
  • V21 send through smarthost on port 587

    Bart van der Horst
    Bart van der Horst
    Hi, I've got to send mails through a smarthost in the MTA on port 587 with tls, but MTA is only doing plaintext. It was working on v20 in v21 not.
    • 25 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Connect compatible with Snapdragon X?

    i-am-andrew
    i-am-andrew
    Hi, My employer uses Sophos Connect VPN. I currently use an Intel PC but am looking at changing to an ARM Snapdragon X PC. However I'm not sure whether Sophos Connect is compatible with Snapdragon X. Sophos "Supported platforms" on this support page…
    • 26 days ago
    • Sophos Firewall
    • Discussions
  • SFOS v21 - Windows DomainController connection to Clients behind RED recognized as Freegate Proxy

    Peter Riederer
    Peter Riederer
    Hey everyone, today i noticed our Windows DCs want to communicate with Windows Clients behind a RED Device, where SFOS is recognizing it as a Freegate Proxy Application and blocks it Src IP = Win DC Dst IP = Win Client behind RED Seems to be…
    • 25 days ago
    • Sophos Firewall
    • Discussions
  • ipsec cipher zum schutz vor quanten computern

    piddae
    piddae
    Hallo liebe Gemeinde, habt Ihr eine Idee wie wir z.B. unsere IPsecs wirkungsvoll gegen die Angriffe von Quantencomputern schützen können? Was ist da die Best Practice auch im Bezug auf den Zeitraum für einen Schlüssel Tausch, welche Cipher welche…
    • 27 days ago
    • Sophos Firewall
    • German Forum
  • Classification query

    rfcat_vk
    rfcat_vk
    Hi folks, a question for those who can provide guidance and maybe even answer. The daily report shows various classifications for NTP type traffic. 1/. 2/. 3/. I was reviewing the hairpin NAT configurations and found there were some items…
    • 26 days ago
    • Sophos Firewall
    • Discussions
  • clientless sftp

    Reem Jalal Eddine
    Reem Jalal Eddine
    i have configured a clientless sftp policy that contains the bookmark and the bookmark contains the private and public key along with server information. I created a user on our portal and allowed it to use this policy. I did on the side another rdp policy…
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • Web filter log inconsistency

    Ilkka Ruuskanen
    Ilkka Ruuskanen
    Hi. I have a default firewall policy configured like this and web filtering is not configured to any other firewall rule. I do not use HTTPS decryption. Web filter works and I get a block message for denied HTTP sites and certificate error for…
    • Answered
    • 27 days ago
    • Sophos Firewall
    • Discussions
  • Whatsapp images and documents

    Mohamed Arbaaz
    Mohamed Arbaaz
    Hi I have an issue whereby users cannot send images or documents on whatsapp mobile app. We have policy rules for social restriction but whatsapp i alloewd but seems not to be working
    • Answered
    • 28 days ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall v21.0 GA - Kyber TLS (Edge/Chrome) connection reset error for transparent TLS decryption

    AIFS IT Support
    AIFS IT Support
    We recently upgraded our Sophos XGS 4300 to SFOS v21. Since then, we are finding that a number of our users were receieving connection reset messages in their browser (Edge and Chrome) when attempting to access some websites with transparent TLS decryption…
    • 26 days ago
    • Sophos Firewall
    • Discussions
  • XG 115 Network Protection License Renewal

    Ebrahim Alzubairi
    Ebrahim Alzubairi
    I have XG 115 which only has an active basic protection license. Now I need to add new sd-red 20 devices. Can I purchse the Network Protection license and proceed? Will it work? Cuz one of Network specialists told me it won't work, no more licenses for…
    • Answered
    • 29 days ago
    • Sophos Firewall
    • Discussions
  • View related content from anywhere
  • More
  • Cancel
<>