Hi I have same issue with Microsoft Server 2016 and Sophos SG135 now :) - https://community.sophos.com/products/unified-threat-management/f/network-protection-firewall-nat-qos-ips/87949/configure-sophos-sg-135-utm-9-to-allow-microsoft-routing-and-remote-access-service-microsoft-rras If you managed to resolve your issue and by any chance recall what was the solution back in 2003 :) I would much appreciate it! Thanks, Kon
↧
Forum Post: RE: Allow PPTP VPN traffic thru ASL to internal RRAS?
↧
Forum Post: Sophos Home Main Window
Does the Sophos Home Main Window have to be open for protection. In other words, does the Sophos Home app need to be open?
↧
↧
Forum Post: LTE Stick für Sophos UTM
Hallo zusammen, ich suche um Site2Site-VPN und für User einen Remote Access mit SSL-VPN anzubieten, einen LTE-Stick. Der LTE-Stick soll per USB an die UTM SG125 angesteckt werden. Andere Leitungen gibt es an dem Ort nicht, aber 4G. Die SIM-Karte ist von Vodafone und hat eine feste IP hinterlegt. Im ersten Versuch habe ich ein Vodafone LTE B1000 angeschlossen, aber das funktioniert nicht. Zudem kann die Generation noch nicht mit festen IP-Adressen umgehen. Kann mir jemand bitte ein paar LTE-Sticks empfehlen, die man online bestellen kann? Würde mich sehr freuen! Ich hätte es nicht für möglich gehalten, aber in unserer Großstadt wird fast jeder LTE-Stick mit SIM-LOCK verkauft und sind von einem Provider. Vielen Dank
↧
Forum Post: RE: SSL VPN (Remote Access) - terrible latency issues / ping times
When experiencing bad ping times: -What bandwidth is used on internet? -What is WAN speed? A DSL modem has pretty large buffers, filling up its upload will make everything pretty slow.
↧
Forum Post: RE: False Intrusion alarms
I would not do that to be honest. What you want to do really is to set up your UTM as a main DNS server, than setup DNS forwarder for your domain suffix (ie. contoso.local -> contoso DC(s)). This way each client on the network will ask your UTM for DNS resolution first and it will be visible right away if there is any infected host. For any internal domain queries your UTM will forward requests to your DC for resolution. Best approach in my opinion.
↧
↧
Forum Post: RE: Multiple subnets on a single WAN interface and outgoing NAT
There's probably no need to specify 2nd gateway (assuming it's just the same ISP router having both GW addresses) In LAN to WAN rule, don't use masquerading, but specify the alias IP as source
↧
Forum Post: RE: Sophos Home for Windows 10 constantly says Update in Progress - How to Fix?
Has the SDU Log been looked at yet? Any update? Alos, you mentiioned re-installing the AV onto my system, but I cannot find a download to install. I am assuming that the AV is the anti-virus, right? Do I have to create a new account to re-download the AV files? Please HELP, I am desperate to get this resolved! Thanks.
↧
Forum Post: RE: SG 135 tot
Hallo Christoph, ähnliche Verhalten konnte ich mal bei einer RED beobachten deren Steckernetzteil nicht in Ordnung war. Die LED's leuchteten teils dauerhaft teils blinkend aber nicht wie bei einem ganz gestorbenen Netzteil, gar nicht mehr! Die Funktion war aber gleich Null, da führten einem die LED'S auf eine falsche Richtung. Netzteil getauscht und es ging weiter. Vielleicht mal testen, könnte ein Workaround sein. Gruß Ster
↧
Forum Post: RE: Why Is Bridge Mode An Option For Guest Network?
Hi, Guest NW with bridge mode differs from VLAN in the way that you don't need a VLAN for a separation: it will filter all traffic and will only allow communication to the gateway, the DNS server and external network. Thereby you can add a guest NW to an environment without VLAN and still have an isolation. The difference to NAT mode is that the DHCP server is still in the customer network. By this, roaming between APs works flawlessly. With NAT mode, every guest NW on each AP is isolated and roaming cannot work flawlessly. As you already pointed out, based on the documentation, this behaviour isn't described correctly. We will extend the documentation. Kind regards, Dirk Bolte
↧
↧
Forum Post: SSO with SFOS Version 16.05.1 MR-1, users are constantly presented with captive portal
Hello all, I currently have the version (SFOS 16.05.1 MR-1) in an XG 310, and I happen to be constantly with SSO implemented and more than proven its operation, it turns out that users are surfing the Internet and suddenly they are Presents the captive portal. They must close and log on to their computers in order to surf the Internet again. After a short time, the same thing happens again. Anyone can do that, thanks?
↧
Forum Post: RE: iDevice
Hi, can you open a support request so that we can have a look at the APs ourselves? We need to check what the beacons are looking like + what the interface configuration is, so that we can do a reproduction in-house. Next to iPhone5, have you seen it on any other device type? Is there any iPhone5 in your environment that doesn't show this behaviour? Kind regards, Dirk Bolte
↧
Forum Post: Office 365 Spam Filtering with XG Firewall
Hello, We're waiting for our XG Firewall to be delivered. In the mean time I'm trying to find the best way to accomplish doing email scanning via the XG Firewall with our OFfice 365 users. I've stumbled upon this guide a few times now: http://www.internalit.ca/blog/post/filtering-office-365-email-through-a-sophos-utm-guide Does anyone know if there's an adaptation of this specifically for the XG Firewalls running v16 software? I have a bit of experience with the XG line-up, but have never had the chance to work on any UTM systems. For the most part it seems pretty straight forward, however I just want to see if there's any XG users that have set this up that have any tips or suggestions?
↧
Forum Post: RE: Webserver in DMZ - Zugriff vom LAN aus auf DynDNS-URL
Hi Frank, ich hab den Aufbau nicht ganz verstanden. Die FB läuft im Bridge Mode, d.h. die externe IP liegt auf dem WAN Interface der UTM an? Und an der UTM hast Du einen weiteren Port für die DMZ, der dann zurück auf die FB auf Port 2 geht? Wie verhält sich denn die FB im Bridge Mode? Können die restlichen 3 LAN Ports normal genutzt werden, aber ohne Verbindung ins Internet über den WAN Port? Sozusagen als Switch für die DMZ? Wenn Du keinen Business Anschluss von UM hast, und somit mehrere öffentliche IP Adressen, bringen Dir die beiden DynDNS Namen nix weil beide auf die gleiche IP zeigen. Trotzdem sollte die UTM das aber auflösen. Als Workaround könntest Du einen statischen DNS Eintrag für cloud.dyn.xxx mit der 192.168.11.2 in der UTM anlegen. Gruß Jas Man
↧
↧
Forum Post: RE: XG 16.05 GA How to extract Appliance certificate please ?
Can you tell us how to download it? There is no download option. I can only generate a new one by clicking on the gear.
↧
Forum Post: RE: XG 16.05 GA How to extract Appliance certificate please ?
If you look at the righthand side there is a button/icon for download of the default and the CA certificates. When installing the certificate you might need the password to prove certificate ownership.
↧
Forum Post: RE: Increment TTL LAN-WAN [SFOS 16.05.1 MR-1]
This might seem like a silly question by why, what advantage do you see? What issue are you trying to address? The next update will restore the settings.
↧
Forum Post: Ready to Scream
Installed--go to Dashboard and cannot find how to configure---below is ALL I GET---where is configuration---This Computer has been added???
↧
↧
Forum Post: RE: Ready to Scream
Computer is NOT in dashboard on re log in---what gives?
↧
Forum Post: RE: Ready to Scream
It would be helpful if SOPHOS stated a Shut Down and Launch was required to find the device that had been added. !!!
↧
Forum Post: RE: Some URLs are blocked when using HTTPS Inspection
I added a certificate to FF on the mac and all sites work. I added the certificate to the ipad and facebook is still broken. I will have to check the logs for clarification. It is not the XG blocking facebook, but facebook on the ipad not talking.
↧
