Hi Adam , Apologies for any inconvenience caused, Could you share the SDU logs for the same to analyze them , You may retrieve the SDU logs and upload onto any shared drive and share the link via private message me along with the Link to this thread as a reference to the issue . To fetch the SDU logs kindly follow the KB article. https://sophos.com/kb/33533

Hi QC, The SourceUpdates path maps to the update share ( \\a2adm2\SophosUpdate ). Should it be pointed to the parent directory of savlinux, or savlinux itself ( \\a2adm2\SophosUpdate\CIDs\S000\savlinux )? Thanks, David

Hi, via SMTP Debug Log überprüfen, warum dies passiert. Gehe von verweisten Certificate aus. https://community.sophos.com/kb/en-us/115325 Gruß.

Hi, Go to CLI and enter the option 4 then type: to disable: system system_modules h323 unload to enable system system_modules h323 load Regards Rodrigo

Hi Jak Sorry for the delay. Have been able to do as you have suggested and this resolves the issue on that PC. So, still appears to be an issue at Sophos, not locally. Regards R

Hi, Just wanted to confirm whether it is advisable to allow access to the user portal over WAN over 443? Is there any best practice for this? I am just concerned having the Sophos firewall available on the internet over 443. Thanks

[quote user="htguru"] ...since the they have since fixed it. (It did take 5 weeks #fail) [/quote] What fix? I am running 9.505-4 and the wifi still fails almost every day. Because that I am running an AP50 beneath the UTM. cu, Dino

waghelak , you can improve security by: changing the user portal port use OTP on user portal, so dual factor authentication is required Regards

DejanBukovec , did you install XG from scratch (I mean from v17) or is it an upgrade from a 16.5 version? Thanks Can someone open a ticket? Thanks

Thanks, I'm looking in those 3 places. Are you running your ESXi host on the QOTOM box? Mike

Louis, good question. Encrypting XG backup files is not yet supported natively. You can use a third-party tool to encrypt the file before sending it to another FTP server. Of course you need a bridge machine and use some script. Regards

Thank you Alan. Point taken. Are there other vendors' units I should be researching? Mike

Hello David, the updater, that is also responsible for the initial install, expects the savlinux (name doesn't matter, the contents do). Christian

Yes Bob, getting a bit frustrating now !!! 2017:10:27-15:24:26 gw2 ulogd[32740]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth4" srcmac="00:1a:8c:4c:0f:7c" srcip="157.240.1.52" dstip="10.1.3.97" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="443" dstport="57864" tcpflags="RST"

My company has a department that manages our energy management system control networks. They are currently using Cisco ASA firewalls but are considering other more affordable solutions. But due to our regulatory compliance requirement, their firewalls cannot have direct internet connections. I realize you can manually download the firmware and update the firewall sfos from the pc. But I wander if there is a way to activate the firewall licenses and update things like AV signatures, geoip databases, etc., from the PC or usb thumb drive. No, they don't need RED. Thank you! daniel

There are other choices but many of them have the Realtek gigabit LAN which seems to be an undesirable NIC around here. Another option is the MITXPC with an Intel Atom D2500, Dual Intel 82574L LAN https://www.amazon.com/Intel-Fanless-Mini-ITX-D2500CCE-PD12TI/dp/B008KB5YCK/ref=pd_sbs_147_1?_encoding=UTF8&pd_rd_i=B008KB5YCK&pd_rd_r=D2252Y2EX9MPCMR257BC&pd_rd_w=xVl71&pd_rd_wg=NWstJ&psc=1&refRID=D2252Y2EX9MPCMR257BC&dpID=41vno6EF6wL&preST=_SY300_QL70_&dpSrc=detail#Ask

Louis, you can encrypt the file on your own using a third-party. FTP is unsecure because credentials are transmitted in clear text. Same thing for SMTP. Regards

Hi Kostas, For a visual, here's a youtube video you can watch on this topic: https://www.youtube.com/watch?v=q0GwtPLS0nk Cheers, Karlos

Hi und danke für deinen Vorschlag! Was meinst du mit "verwaistes Zertifikat"? Das Zertifikat des Absenders wird ja von anderen UTMs ausgelesen - nur meine UTM möchte dieses Zertifikat nicht auslesen. Ansonsten werden auch alle Zertifikate von anderen Absendern ausgelesen - nur eben dies nicht! Der SMTP Debug Log ist nicht wirklich hilfreich... zumindest habe ich dort keinen Grund für das Verhalten gefunden! :-( Gruß Martin

Unable to whitelist dhl-usa.com. The base site DHL.com is already on the allowed sites list, but when changing to the USA regional site we get a block message: "Your organization's policy prohibits access to this website." Any ideas?

Latest Images