I am completely stumped by this. I am sure its something obvious that I am overlooking. Lan Port 1 - 192.168.1.254/24 MGMT port 5 - 172.16.0.254/24 I already had a rule saying mgmt subnet source 172.16.0.0 could access lan subnet destination 192…

What did I do wrong?

Hi I have a linux server in the DMZ, and I want to manually patch it from time to time. so I want to open access only during patches then close access to WAN. what are all the rules to put in place. well I'm going to choose the scheduled time tab.

Port forwarding rule I have an external ip address (PortB:8) currently used for a production website on port 443. I would like to be able to access a test web server via the same public IP via port 65443 and translate to port 443 at the server.…

how do I block traffic from a brodcast address in my local network?

Hi all, # XG330 I have a project to set up an SFTP server to transfer data securely from a remote station to the SFTP server located in the DMZ.(Head Ofice) the server is installed, configured and integrated into the dmz. the remote client uses an…

We have an XGS 3100 which approx. every 1-2 weeks becomes unresponsive and requires a hard restart as it completely stops functioning. We have a smart plug connected now, which automatically powers it off and on again if the network goes down to mitigate…

Does anyone experienced the same thing? Messenger app chats with End to End Encryption enabled cannot send messages behind Sophos XG Firewall. There's also a lot of ISAKMP VPN hits in the traffic insights recently. I'm also thinking my XG instance is…

“Our penetration testing team has discovered that our servers are responding to client requests with the server software name and its version. For instance, the responses include identifiers like “openssh_for_windows_9.2” or “nginx 1.22.1”. Does anyone…

We have 1 WAN IP from our ISP 18 LAN IPs from the ISP Current setup is one CAT6 from ISP to Sophos Firewall. Firewall has the 1 WAN IP interface setup for internet We need a port enabled for on the firewall for a Vendor router to use one of the…

Good Eve. Trying to connect to a network switch via https. Error page : The trust status of this website's certificate could not be securely established. About this request URL: https://somePublicIP Certificate details: Valid From: Feb…

Hello Everyone. I have my Sophos XG Virtualized in proxmox on a Dell PowerEdge R430, and it is working beautifully, except that my management network doesn't seem to be able to contact the internet, and I'm not sure why. I believe it's because the devices…

I created a new rule which allows traffic originating from VPN subnet to the external IP address. I verified in the logs that the traffic passes by unobstructed. Also verified in SSL VPN settings that the particular VPN profile contains that IP address…

CPU Consumption is very high some time it is going up to 98 % I Stopped Below Highlighted service after that CPU is under control but the AV & IPS Services are Required for Firewall. stop the required services is not a good practice

Hi guys, I'm having a problem with my firewall's memory. According to the screenshots below, the memory increases gradually over the days, until it reaches a point where the firewall freezes, making it necessary to physically restart. Would anyone…

Hello there, I have 2 Sophos Firewall connecting to Networks with IPSeC Site-to-Site VPN 1 Public IP for each network. XGS107 ( SFOS 19.5.3 MR-3-Build652) XG135 ( SFOS 18.5.2 MR-2-Build380) Network A 192.168.1.0/24 IPSeC gateway 172.16.21…

Good day We want to configure network quota surfing on users .. but we want to exclude emails from being accounted for .. like when the users has depleted his or her data for the day, but we want email to continue flowing. Is there a way to achieve…

Migrating our sites, and my brain, to sophos XGS from UTM In the UTM when I setup multiple WAN interfaces for uplink balancing, the object Uplink Interfaces was created. I could then use this object for things like the masquerade rules I do not…

Hello, We use several networks and several public IP addresses, which are stored as aliases on the WAN interface. How do I configure the NAT rule so that, for example, the public IP address xxx.xxx.xxx.xxx is used for network A and the address yyy.yyy…

Hello! I searched the forum but didn't find any relevant information. It's about a Sophos XG210, connected to a few RED boxes. A hardware terminal at a branch office, connected via RED, communicates with the software in the HQ via port 8015. Unfortunately…

Hello Sophos Team, is there a Documentation on what URLs / IPs need to be in a Firewall Rule for Destination Host? I know the Ports that are needed: HTTPS / NTP / DNS -> Forwarded to Firewall IP and Uplink to DNS Protection Just found a List for…

Good afternoon I work at Virtual Box. I have three virtual machines. The first is the Sophos firewall, the second is the Windows 10 client. And on the third I have an Ubuntu server. The task is to block traffic from the Windows 10 client to the Ubunu…

Sooo when scanning the system i've noticed 113 is the only port showing as closed / reject. Since the other ports are Drop I've created a rule to drop 113 from all connections but SFOS isn't honoring the rule. Why? Why would they decided to reject only…

Hello dear all, I'm connected with one of my clients via LAN, without going to the internet, just a LAN to LAN connection to have access to their server. But the port open to receive SNMP traffic is blocked from time to time, and I no longer receive…

Setting up Blink Cameras and the XGS126 is blocking communication with the Blink Servers. Have updated the policy to allow 554, 443 and 80 for the camera's IP Group but still no go. Anyone else got this to work ??