[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Sophos

238

Solutions

425

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts,

I have a Sophos vhdx installed into my hyper-V version SFOS 17.1.3 MR-3.

How do i login and configure the IP address and its interfaces?

I only managed to access the console via the Main Menu.
1
OWASP Proactive Controls
LVL 12
OWASP Proactive Controls

Learn the most important control and control categories that every architect and developer should include in their projects.

Hi Guys,

I am trying to configure a SonicWALL TZ400 site-to-site VPN.
We have a Sophos firewall router on the remote side.

The Dell SonicWALL replaces our previous Netgear Prosafe FVS336G router, which connects the site-to-site VPN successfully.

I confirmed the Dell SonicWALL VPN / IPsec settings again and again, but no connection unfortunately.

I used the SonicWALL quick VPN configuration.

I've noticed that the access rules for "VPN to LAN" have been auto-added, as well as "VPN to WAN"

Are there any changes that is needed to the access rules, or NAT rules for the site-to-site VPN to work?
Any recommendations are welcome ...
0
We have a Windows 2012 R2 domain with 2 domain controllers. Users authenticate to the domain with no problems.

We have 2 subnets
LAN: 192.168.0.0/24
WLAN: 192.168.4.0/24

The WLAN traffic is routed through our Sophos XG230 Firewall/Router 192.168.0.1

Any user authenticating against one of the domain controllers (from the WLAN) shows  the ip address of the Firewall/Router, not its correct ip address of hte host they are on.

I can see this in the kerberos TGT in Event Viewer 4768.

This is only happening on 1 of the domain controllers.

Any ideas on how troubleshoot would be greatly appreciated.
0
I am looking at getting a new Wifi solution for our new building.  I have looked at Meraki, Ruckus and Arruba, Sophos and even at a Cisco controller option.
I'm having a hard time deciding which solution is best for my environment.  We have two separate buildings, but will all be one system.  Hands down, the Meraki cloud has the best analystics and displays the data the best, my opinion, but it's not the cheapest.  Going from a controller based to cloud based design makes me uneasy, as if the internet goes down, then my entire wifi is down as well.  
By far I like the Meraki dashboard and the options available in their cloud.

We will need about 50 APs for both buildings.  I'm working with a vendor that said after we move forward with the purchase, they will perform a heatmap analysis, so we know where to place them, so that's good.

Any suggestions what to look out for, or any recommendations?  
Does anyone not like Meraki or any of the others I mentioned?
1
We have experienced some issue with Sophos AV and Exchange server 2016. I want to uninstall Sophos but have been unable to do so cleanly(even with the help of their tech support). I remember that MS had and uninstall tool that worked very well. Is this tool available and if so where can I obtain it? If the answer is no what other options do I have.
0
I looking for any free firewall software appliance. (Like the old version of sophos. The new version of Sophos provide only 30 days software appliance)
I don't know if there is any firewall which provide a software appliance free and without time restriction.
0
I am looking at a replacement for our aging Cyberoam UTM. One of our options is the Sophos X330, which appears to be a good upgrade path for my requirements.

Has anyone used Cyberoam and the moved to Sophos? I am curious if there are setup and managing similarities. Seeing as Sophos acquired Cyberoam a few years ago, I was wondering if the Sophos UTM would be familiar in some way after using Cyberoam. Maybe they had adopted various features, and so the appliance would be familiar in how it was setup.

Would you consider the Sophos XG series easy to setup and deploy? I don't really want to get a technician in to setup the system on the new UTM. I setup our Cyberoam and continue to manage it without a problem, so I am hoping to do this with whichever new one we choose.

Any other thoughts about your positive or negative experience with Sophos UTM's would be appreciated?
0
We are currently deploying Mimecast to our environment. We had setup the journaling and send connectors. We found that all the journaled traffic was causing a backlog in our on premise Sophos Email appliance. My question is, can I configure the primary send connector to our email domains instead of *, and configure the mimecast send connector for it's domain @journal.ourdomain.com.au, or is this going to cause issues?
0
Dear Experts, can you please suggest pros and cons of this diagram? Any suggestion please?

aqua.PNG
0
Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note in order to move DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!
0
CompTIA Security+
LVL 12
CompTIA Security+

Learn the essential functions of CompTIA Security+, which establishes the core knowledge required of any cybersecurity role and leads professionals into intermediate-level cybersecurity jobs.

Outlook 2007...
Recieving but NOT sending emails...
Occasional Secuirty Certificate cannot be Verified...

My mother in law...age 95 is active on her PC...She uses Outlook and is fairly familiar with it...We POP Gmail...

She has been using this PC with W7 and Outlook 2007 for about 8 years...
She lives in an assisted care facility...

About 2 weeks ago she started getting Security Certificate cannot be Verified...
Relates to Sophos...says a mismatch in the SSL port...and Outlook will NOT send email...but she recieves email ok...

I cleaned it up...reinstalled Office 2007...and got the same problem...no joy...

So...I took it to my shop...and discovered that Outlook worked just fine on MY internet connection...

BUT....I rebuild the PC anyway and installed W10...re-installed Outlook 2007...connected her PST file and everything is working perfectly on MY internet...

I set it up again in her apartment at the assisted care facility and Outlook will NOT send email...I had the facilities maintenance guy try...and we cannot get it working...
Internet is fine...if I go to Gmai webmail her email works just fine...

So...It seems to be an Outlook issue on the facilities network...

So...on Gmail the SMTP port is 587....what do you think the chances are that the IT company that handles the assisted care facility closed port 587 on the router...???

Or...is there some possible other reason for the issue...

Many thanks in advance...
Amber-gmail-settings.docx
0
Hi all,

We have a VPN tunnel between two Sophos firewalls.

Location A = 10.102.0.0/24, 192.168.99.0/24 (VLAN99)
Location B = 10.102.1.0/24

The VPN tunnel is UP and communication between the main networks is working properly.

From site B, however, the DMZ network (VLAN99) in site A is only limited reachable.


From Site B -> I can ping the gateway (192.168.99.1) but the Printer (192.168.99.14) is not reachable. I should say only the gateway is reachable everything else can't be reached through the VPN tunnel from side b.

I have attached a screenshot of the VPN tunnel configuration of both sites.

Thanks in advance.
connection-between-site-a-and-b.png
0
I have a couple of machines that are not able to browse to HTTP sites at a remote site where that I have established a PPTP VPN to that site (via the OS). I can ping the respective IP address fine however HTTP browsing does not work. I am of great suspicion that this is something in our Sophos UTM as I can browse to the HTTP sites on my laptop via cellular connection fine (effectively bypassing the Sophos UTM).

I am not using 'use default gateway on remote network' yet I am unable to packet capture (in the Sophos UTM) any traffic going via the PPTP VPN to the remote site.

I've worked with Sophos UTMs (ex Cyberoam) for a number of years now and I cannot see anything obvious where anything would be being blocked or dropped. Everything is open. Nothing has been modified recently that would prevent this, and it only stopped in the last few months (yes I've been slack).

Has anyone experienced similar issues?
0
I have a Sophos Firewall at home(Version 9.5) .I created a Guest WLAN access. I connect Guest wlan no problem, internet etc works.
I try to RDP connection to my friend laptop which is windows 10 computer ,from Guest Wlan cant RDP to external.
I I use network cable connect my laptop then I can RDP to my Friend laptop.

Internal Cable connectionRDPmy friend  laptop =WORKS!
Guest-WLANRDPmy friend laptop =NOT WORKING!


Do I need a rule under Guest-WLAN?
0
Goal:
Connect to shared drive's and browse through server shares over SSL VPN
----------------------------------------
Setup:
Sophos XG 125 UTM Firewall
Windows Server 2008 R2
-----------------------------------------
Issue:
We have configured our Sophos XG 125 UTM Firewall for SSL VPN.  This will allow our clients to connect into their workplace so they can safely either RDP into their computer OR use the server shared drives.
I've configured this for many of our other clients and have had no issues.  Have also contacted and worked with Sophos Support to confirm it's not a Sophos config issue or VPN issue.  

Our SSL VPN connection is successfully established.  I am able to ping all server IP's as well as their FQDN and get a response.  I am also able to RDP to the required computers.  
I simply cannot browse to the server thrgouh UNC.

I've compared this to our other client's setup's that have the same SSL VPN setup and we have no trouble browsing UNC.  

I also performed a TCP Dump on the Firewall at the time I try to UNC and it shows the requests going to the server but the server does not respond to the request.

I feel that I've ruled out the SSL VPN and Sophos Setup, DNS, Network Discovery, NTFS and File Sharing Permissions.  Any idea's?
0
How to unblock WSuS traffic from Sophos xg firewall in domain
0
Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on  Server 2008R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS17.0.2 MR-2, to SFOS 1706 MR-6. After the update, Sophos log reported that email had been delivered from the Sophos to Exchange, but was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server, and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), System Log reports "Fail to send mail: Cannot connect to mail server servername.domainname.com:25, when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?
0
Unable to find solution for event ID 5038 on Windows Server 2008 Enterprise, Service Pack 2. Event details as below. The file path mentioned in the event details is pertains to Sophos Antivirus program.

Event ID Details:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name:      \Device\HarddiskVolume1\Windows\System32\drivers\savonaccess.sys      

Please advice solution to the above event ID to stop and resolve. - Pritesh Parikh - (Email: Pritesh_net@yahoo.com).
0
Hi

Whats the best way to check/pull the config from a Sophos XG210 firewall.
0
Become a Certified Penetration Testing Engineer
LVL 12
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Inherited a new client with a Sophos appliance.  The UTM 9 so far seems to be a great device.  That being said, I am trying to turn off filtering for a specific endpoint.  Even though it is in the "allow access", when I am on that endpoint it still get re-directed to a webpage hosted on the appliance and is expecting to want some sort of authentication.  Are there good tutorials on how to manage Sophos?
0
We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and our backup system.
Fortunately, he was not connected to the company network, so the files were only locked in his laptop.
Free ransomware removal tool from TrendMicro, and someone else did not work.

1. What is the best removal tool?

I am looking into Sophos. They have Enterprise Malware Removal Tool that can take care of Ransomware. We use their anti-virus software, so theirs caught my eye.

2. What is the best backup strategy?

I had a IT admin friend, and his system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people backup a couple of terabyte data these days. Tape systems were used in the past, and each day manually or automatically different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that Ransomware can go into other resources in the same LAN. Then I need a backup system that can backup multiple generations (like daily), and they need to be completely …
0
Hi all,

I'm looking for a bit of help getting started with my HP 1820-24g switch .

my network plan :

sophos router eth1(lan 192.168.0.1/24) and i configured the sophos router so : new interface eth4 (192.168.2.1/24) mit VLAN ID :10 function.

i also sophos router configured dhcp scopes for 192.168.2.100- to 200

so i connected sophos eth4 lan cable  -->switch port 1


so i have the native vlan 1, and  vlan 10(port 1-10 tagged) for lan  on the router.

my problem are:
1. if i change sophos interface(eth4)  Vlan funtion to only ethernet and i connect my laptop port 7 then get my laptop IP from sophos router dhcp server.

2.if i change sophos inteface (eth4) only Vlan fuction (vlan 10),then my laptop gets no ip from sophos dhcp server.

any idea and help?
Thank you
0
For the patch of the chip vulnerability, can I just download the patch from microsoft and install it on all servers and workstations rather than use windows update?  I have a couple servers and 20 workstations.  Also, I noticed that you have to be careful with antivirus because of a registry entry.  Can someone help me out with this issue, I use SOPHOS antivirus and the link below details what they are doing to work with the MS patch.  I think it says that SOPHOS works with the patch but I am not entirely sure.  Better safe than sorry.  Here is the link:    https://community.sophos.com/kb/en-us/128053
0
Hi All,
We have two sites linked via BT routers and each site has its own UTM and fail over simple diagram below.

WAN                                         WAN
  |                                              |
Router                                     Router
  |                                               |
UTM                                         UTM
  |                                               |
Lan - Router -WAN - Router - LAN

So we have a site link and two sites with Primary/DR with fail over routers

The primary site UTM has IP : 194.72.126.66 GW : 194.72.126.65
The primary sites internet works fine

The secondary DR site UTm has IP : 194.74.139.67 GW : 194.72.126.65
I cannot get out to the internet from this UTM

BT have said there is no issue with the routers and the failover is working on the routers.   Below is the information BT have provided me concerning the IP address allocation.

I have recently taken over this position and I'm under the impression this has never worked any ideas why the second UTM at the DR site cannot get  onto the internet?

Regards

John H

194.72.126.64 255.255.255.224
194.72.126.74<<used on primary router
194.72.126.75<<used on V1 router
194.72.126.65<< HSRP standby address and the gateway for you to point to from both devices
 
194.74.139.64 255.255.255.240
194.74.139.66<<< used on primary
194.74.139.67<<used on V1
194.74.139.65<<< HSRP standby address and the gateway for you to point to…
0
Hi

Were looking at this in detail.  Would like to audit and monitor data that is being driven by users, so services and apps they are using, and what they are sending via email in particular.
Tried exchange online DLP - pants.
Mimecast DLP - pants
Sophos DLP - seems ok, but not great.

Anything else out there?

Thanks
0

Sophos

238

Solutions

425

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Top Experts In
Sophos
<
Monthly
>