Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.


Dear Experts, we could not set up the VPN connection between Router C3925 and Firewall Sophos XG210. The attached files are the logs from both devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall:

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall:

This is the configuration on the Router:

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R}
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
crypto ipsec security-association lifetime seconds 1800
crypto ipsec transform-set MYSET esp-des esp-md5-hmac

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip

Here are the configurations on the Firewall:

IPSec profile:
IP Host:
Firewall rule:
Firewall VPN:

Set-up issues

I will preface this by saying I had a UTM120 for three years with the UTM9 OS, and right now I'm thinking, boy, I miss those days.  I was told that my appliance was nearing end-of-life, so to renew licensing I went with the XG115.  I had configured UTM9 on my own and generated help desk cases if issues arose.  This appliance is quite a bit different.  Firmware XG115 (SFOS 17.0.0 GA), so on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server, so port 443 is being forwarded to it, but I also have the default network rule of WAN to LAN with all ports and all services open.  I have a similar network rule that WAN to LAN port 443 is open, thinking that for other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site, depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  The Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense!).  The XG is in bridge mode.  For a …
What are the differences between Sophos XG and Sophos UTM? Do we have an iso file of Sophos XG? Many thanks!
I've recently installed Sophos XG230 UTMs on two campuses. Now our Sharp copiers can no longer scan to email.

They SMTP through a gmail account.

I know the user email and password are correct, but we get an Error [3332]: Authentication type not supported.
When tested with 'no authentication', the connection to the SMTP server is fine.

Whilst testing I have allowed all outbound traffic.

Any help would be greatly appreciated.
Dear Experts, we have 1000 users located at multiple sites.
- The Headquarters office includes 400 users and has a Cisco Router 3925, but no Firewall yet.
- Site A includes 200 users and has a Sophos Firewall.
- Each of Sites B, C, D, E has 100 users and only has an Internet modem, no Firewall yet.

In Headquarters, the AD server (Win Server 2012R2) is ready, but we are not sure about the method to join the domain for ALL users. We have several questions as below:

1. MPLS-VPN leased line and VPN connection, which one is better in terms of performance and cost?

2. In case we choose VPN connection, should we choose Site-to-Site VPN or Remote-Access VPN, and why? Which devices should we buy?

3. As I understand it, in a VPN connection the users who are connected will use the Internet connection from the VPN server, is that right? If so, will the VPN connection be suitable for 1000 users?

4. For the Domain diagram, which model should we use for high performance and availability? We intend to install an additional DC in Headquarters and an RODC in each site. Is it okay?

5. In Headquarters, all servers are VMs and we have Veeam 9.5 for backup, but in the sites the servers are physical. Which backup software is the best for physical AD machines?
I am looking for any software appliance for Sophos XG.

I need it to practice with the Sophos firewall.
I need a firewall for a branch office with 8 users, which may go up to 12 in the next year or two. Most of the resources are in the Head Office (HO), which has a Sophos XG firewall. Remote users use the Sophos SSL VPN client individually on their computers and RDP access to connect to HO. Now the requirement is to replace the SSL VPN client, establish a site-to-site VPN and join all the remote computers to the DC in HO. I was looking at the Sophos XG 115 for the branch office.

Would like to get some expert advice on the Sophos XG 115 device for a branch office, or if there is any other better alternative available for site-to-site VPN? Also trying to keep the cost to a minimum.
Sites hosted on GoDaddy's secureserver.net are inaccessible from our main external IP address.  I called our firewall support at Sophos and they said that the sites in question are not responding to our TCP handshake and this is why we can't connect. Sophos says I needed to call GoDaddy and see why they are blocking our IP address. I called them, but they said our IP is not blocked and there is nothing they can do for us.  I'm not sure what to do next.  Any ideas?

We have been asked to setup mandatory TLS by one of our customers, for all incoming and outgoing mail to their domain.

We run Exchange 2010 servers, Sophos Email Appliance, and we also use a cloud based spam filter.
All incoming and outgoing email goes through the Sophos smarthost; incoming mail hits the spam filter first and is then passed to Sophos.  Outgoing mail doesn't go through the spam filter.

I've researched and think I know how to configure TLS on Exchange, Sophos, and our spam filter.

Will I need to configure TLS on Exchange for the send and receive connector?
Exchange isn't externally facing, so I am assuming the self-signed certificate will work for TLS with our internal smarthost?   The smarthost is externally facing so it will need a public cert and configuring for TLS.

I had a thought that maybe for incoming email I wouldn't need to configure TLS on our internal Exchange, but I could be wrong?

Thanks in advance.
I am interested in installing the Sophos XG firewall home edition on a PC. The following link has been given to me by Sophos as the link for the free download.

Link for Sophos XG firewall home Edition

I am somewhat nervous, however, as the site issues a warning to the effect that any existing operating system will be erased when installing the product. I understand this, but I am not sure what will happen if I click the Get Started button on the Sophos web site.
I would hope that an image file would be downloaded that I could burn to a CD/DVD and then use to install the product on a PC with no OS on it.
I wish to be assured that clicking on the Get Started button won't result in the XG firewall being installed on my PC and wiping out my PC.

I am a bit puzzled with how the proxy server works. This is simply set in the user's IE settings, pointing to the proxy server for internet access (let's say site A is where the proxy server is located).

Here is the confusion: remote site B users use the same proxy, configured the same as above in IE, and they are able to access the internet successfully. I am trying to install Sophos Central (.exe file) on machines in site B, which needs an active internet connection for the installation to complete successfully, as it's cloud based and needs to communicate/download over the internet.

The issue is it can't communicate with the Sophos Cloud portal and the installation can't continue. The only way I can get it to communicate is by using Netsh - netsh winhttp set proxy proxyservername:portnumber - on the computer, and then this allows the installation to complete.

So my question is, why doesn't the IE proxy setting work for this Sophos installer but the above command does? What's the difference between them, and how can I go about installing this on other computers without having to manually type this command on every machine?

We are looking at upgrading our current Exchange 2010 onsite servers to the cloud-based Exchange 365.  We currently have onsite Barracuda and Sophos devices that handle our SPAM and Antivirus e-mail scans.  We will have these devices for a couple more years before renewing.  I was wondering if anyone has any information on using these devices with the Exchange 365 cloud?  We are told that they will work, but we are wondering about the e-mail coming here and then up to Exchange 365.

Thank you
Dear Experts,
I have an issue lately after upgrading the email security appliance. All outbound mails are using my Cisco firewall interface IP and often bounce, as my email server public IP is different. The email appliance is Sophos EA.
My email server public IP is 86.xxx.xxx.197
Cisco FW ASA interface public IP 86.xxx.xxx.196
There is no option on Sophos to change the outbound IP address; it takes the primary IP (internal).
On Cisco I have all SMTP traffic going out via 86.xxx.xxx.197, but still traffic from the Sophos EA goes out via 196.
What should I do on the Cisco ASA to make Sophos (internal IP) use 86.xxx.xxx.197 for all outbound traffic?
We have the Sophos UTM firewall. Do you know if there is a way to get a specific user's web traffic?
Hi all.
I need guidance/assistance, if anyone has done a similar project: rolling out Kaspersky and uninstalling Sophos.
We have around 900 workstations and 100 servers (VMs). Has anyone done a project plan, with risks and a dependencies plan?

I am running powershell to stop services, uninstall applications and remove some keys out of the registry.

If I open up PowerShell as Administrator and type the commands manually, they work a treat.
If I save those same commands as a .PS1 folder and run as administrator, I get a field of red text saying all sorts.

I have run as Administrator, set the Execution policy to unrestricted and have sufficient administrator privileges. Why won't the commands run when in a PS1 but will individually?

Pictures Attached.

I tried searching, but I'm a combination of surviving on 6 hours sleep split across 3 days and probably not finding the right words to put... So my apologies. Anyway:

My job site has been hit by the NotPetya attack. Long story short, out of 400 computers, 150 refuse to grab AV definitions from Sophos' offline servers (meaning it stupidly only pulled them from the fileserver at one point), and for some reason the local admin password is no longer valid... On top of 25 infected machines, which combined is causing corporate to refuse to power on the server until all machines are safe.

With that in mind, I was thinking of creating a temporary server to push the correct admin password back to the machines in case I need it later, and running the update patches from both Windows Update and Sophos Antivirus (which is a piece of cake IMO) to be in compliance.

Since I'm no expert at LAN, I have 2 questions:

1. Can I just create a GPO with just the password update and not have it sync any other setting?
2. If that can't be done, can I clone the GPO settings of an enduser's computer with the ideal settings and upload it to the temp server?

Thanks for your help!
My company is currently moving to a new office.  I have two Sophos SG210 devices.  They were set up using HA for redundancy.  I have stopped the HA so I can take one of the devices over to the new space to set up for some users to move over a week earlier.  I have configured the device for the new internet provider, but my question comes to if I create a tunnel between the new space and the existing space.  Would it cause a problem if I create a tunnel between the two locations and leave the internal LAN settings the same?  With this scenario the internal LANs would be the exact same networks, so I am wondering if it would cause conflicts.  Our current space also has a VPN tunnel to our datacenter.  I was going to also create a tunnel from the new space to the datacenter.  Would both offices being on the same internal network also cause conflicts with that?

Or should I just change the internal LAN of the new space and enable DHCP on the Sophos for the users that move over early, then change the LAN back after the entire move has been completed?
I've recently rolled out Intercept X by Sophos, which is software that protects files from crypto viruses. It can detect file changes and roll these changes back.
However, Sophos have told me there is no way to tell from their cloud service if the endpoints have received the update. Pain in the backside, I know! They did say that if the endpoint device has the HitmanPro service, then the device has received the update.

So I'd like to know what's the easiest way to scan the network to find this service or executable file on all the devices.


Trying to get Sophos PureMessage on Windows SBS 2011.
The Sophos Management Console is on a different server, and I have already successfully installed the AV client on this server.

When running the setup.exe for PureMessage 314 I get the following error:

Setup encountered an error while gathering system information.
Error details: COM error-code 0x80041001 : IDispatch error #3585

I enabled the PureMessage logging in the registry as recommended on the Sophos site and the log file shows the same error:

MsiUtils.cpp         pr:3844 th:6396 ln:00392 12:31:18.673 INF   + Entering Function : UTIL::MSI::MsiProcessTextMessage()
MsiUtils.cpp         pr:3844 th:6396 ln:00399 12:31:18.674 ERR     0x01000000: Setup encountered an error while gathering system information.
Error details: COM error-code 0x80041001 : IDispatch error #3585

Would appreciate any ideas on where to look for issues.
I have installed Exchange 2010 onto Server 2008R2. I have a SAN SSL certificate from GoDaddy installed on Exchange (mail.domain.com and autodiscover.domain.com). I have a Cisco ASA acting as a firewall and a Sophos XG135 in bridged mode acting as the email filter. Email can be sent and received without a problem and the email is being filtered. OWA works from the outside without a problem; however, Outlook Anywhere will not work. I have pored over the available documentation from Sophos but cannot get a remote Outlook client to connect to the Exchange server using Outlook Anywhere.

Has anyone successfully configured the XG in bridged mode to work with Outlook Anywhere? What steps am I missing? Do I need to install the SSL cert on the XG instead of Exchange and make the XG an SSL proxy? If so, is there any documentation on how to go about this with the GoDaddy certificate?
I would like to practice with a Sophos UTM. (I don't have any experience with Sophos before.)

Firstly, how do I connect it and how do I reset all the existing settings (so as to start from the beginning)?
Also, how do I set up web filtering, etc.?
Anyone have a good suggestion for endpoint protection with a sandbox? I heard about Sophos but I'm not sure.
Expert Comment by David Atkin:
I believe that ESET Endpoint Security has this feature.
We have configured phase 1 and phase 2 on our end to match an ASA that is on a cloud provider. Phase 1 and Phase 2 connect, but when looking at the debug on the ASA with the tech, decapsulating packets is not happening.

So when we get on a computer the data still times out and will not pass traffic through the VPN connection.

Anything besides the VPN that we need to configure on the Sophos XG85? Routes? Or firewall policies?
Has anyone got any real-world experience of migrating from Sophos to Bitdefender (or the other way)?
Evaluating BD currently and it looks very good.  The relay option looks good for machines that can be pushed out to clients, etc.  Unsure of the ins and outs until it's deployed fully, etc.
Obviously cheaper and has ransomware protection integrated.
Any pointers/recommendations on it?