Hallo zusammen, ich habe auf einer physischen Schnittstelle, das interne Netzwerk 192.168.78.0 und das VLAN 10.10.10.0 in der Firewall habe ich das VLAN -> ANY -> Internes Netzt gesperrt... Dennoch komme ich aus dem VLAN (per WLAN) auf die internen…

Hi, I want to bypass the Hotspot function in UTM 9 with predefined clients (MAC adresses). I did not find any option for this. How can I do this?

I have only one IP but 2 URLs. On both URLs are the sam ports used for streaming. What I have to do, that for both URLs the port 8000 will be forwarded to different real web servers? So what I need is a DNAT depending on an URL. Thanks, H…

Hello Community, we use a Sophos UTM cluster consisting of two nodes running on Sophos UTM 9.718-5 This Cluster routes the traffic through specific vlans. We have strange behavior with windows server vms that are operated in vlans behind the sophos…

Hello Community, We have a UTM SG430 and 1GBit/s internet connection. Now I have noticed that IPS a. prevents the line from being fully utilized. b. Long response times (100ms-500ms) and even packet loss occur when the WAN interface is heavily utilized…

Hello everyone, we have sophos utm 9. We want to do white-box testing with a dedicated kali host. we want to give all access permission for the host to scan all port and ip of internal network. What should I do for this purpose? Any help would…

Hello volks, yesterday I stumbled over a weird new issue. It seems that our NAT masquerading rules are not applied when traffic matches a policy or multipath route (in interface mode). So I tried a traceroute with a port so the trace would match the…

Hello, We have currently two Sophos SG 210 (Sophos UTM, not XG) which are running on HA (Active/Passive). We have two WAN interfaces which were running previously at 400 / 20 Mbps and their bandwidth were good. Recently we proceeded with the upgrade…

Hello, I have multiple messages in Advanced Tread Protection. 2023:06:22-03:43:37 xxx ulogd[13536]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth0" threatname="C2/Generic…

SG210 running 9.715-3 - Transparent mode Hello all, I'm trying to get our remote users to be able to access our Azure/tenant SQL instance, as if coming from the office. Presently we have to whitelist a bunch of user IP addresses to let them connect…

Looking for suggestions on how to find the cause of tcp communication failures. I have some systems running "behind" a DomU SG UTM Firmware version: 9.714-4 on a XCP-ng 7.6 hypervisor with an AMD Opteron 6220 CPU. Everything works fine. Specifically…

I have the problem when a user is logging in at the Sophos Client Authentication App, he get's the failure message: "Can not validate Certificate SAA will close now" Wired thing is, when i start the App with Administrator privileges and the user logs…

Hello all, Having some issues with a pair of SG-330's running in HA Active-Passive mode. When I get Node2 powered on it stays on for about a minute, begins Synchronizing, and then powers off with seemingly no warning. When I power Node2 on without…

Hi Guys i have a Sophos UTM 9 SG310 within the network i have 7 Reds connected and each Red has TPLink access point, I can ping and reach these access points via cmd and web browser. but the hardware controller which is a TPLink OC 200 cannot see…

I think what we all were thinking, finished my Sophos UTM Udemy course, thanks for all of your suppor without this community, it wouldn't be easy as much as it is now, I just wanna thank the Sophs Community for your support. If you wanna take a look…

Hello, Sophos Services (Webadmin, Userportal, SMTP and so on) are on every Sophos IP address. But i need to disable or block every of thiis Services to spacific additional address. I try to create a Firewallrule and a NAT Sinkhole, but booth doesn…

Hello, Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.…

Hi all, I updated our virtual test-UTM to the latest V9.711 and tried the new Sophos Connect client on macOS because we have a few customers with Macs. When importing the config-file (.ovpn) from the user-portal I get this error (my translation):…

Newbie question. I am running Sophos Home UTM 9 software appliance on a server I built. I have an app running on a single workstation that needs to communicated in and out on ports 4000 and 4001. I set up the following rules but it doesn't seem to be…

Under Webserver Protection -> Certificate Management -> Advanced I'm trying to enable LE certs, but i keep getting the message: "The previous attempt to enable Let’s Encrypt failed: Failed to retrieve the current Terms of Service link. Please try again…

I use Sophos UTM 9.708-6 (software version) as my gateway device. Behind it, I host CentOS Web Panel ( http://centos-webpanel.com/) . A Snort rule is being triggered when I try to update CWP. The rule: 21420 ( www.snort.org/.../1-21420) IPS log snippet…

Hi all! We are using SSL VPN and facing severe performance issues all the time. When using RDP, the desktop sometimes freezes and copying files to and from the remote desktop takes very long (about 1MB/s, the connections are capable of 10MB/s (home…

Hello everyone! we have a newly deployed Remote Desktop Gateway Server (on Windows Server 2019) installed in our environment and I was successfully able to publish it through our UTM 9 WAF. Unfortunately, by doing this I am only able to get RPC-HTTP…

Hello I want to know if it is possible to publish 3 ports (8000,3000,3001) of a server connected to a RED50 in standard/split mode. Currently it is working configuring the RED50 in standard/unified mode, but as all the traffic goes through the UTM Firewall…

Sorry but I have to unlock a user for Facebook inside our company network. We have blocked facebook for all, which works fine. Now just one marketing user need facebook for work and i want to whitelist this user so he can do his work on fb. We do not…