Sophos

225

Solutions

405

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.


Goal:
Connect to shared drives and browse through server shares over SSL VPN
----------------------------------------
Setup:
Sophos XG 125 UTM Firewall
Windows Server 2008 R2
-----------------------------------------
Issue:
We have configured our Sophos XG 125 UTM Firewall for SSL VPN.  This will allow our clients to connect into their workplace so they can safely either RDP into their computer OR use the server shared drives.
I've configured this for many of our other clients and have had no issues.  Have also contacted and worked with Sophos Support to confirm it's not a Sophos config issue or VPN issue.  

Our SSL VPN connection is successfully established.  I am able to ping all server IPs as well as their FQDN and get a response.  I am also able to RDP to the required computers.  
I simply cannot browse to the server through UNC.

I've compared this to our other clients' setups that have the same SSL VPN setup and we have no trouble browsing UNC.  

I also performed a TCP Dump on the Firewall at the time I try to UNC and it shows the requests going to the server but the server does not respond to the request.

I feel that I've ruled out the SSL VPN and Sophos Setup, DNS, Network Discovery, NTFS and File Sharing Permissions.  Any ideas?
0

How to unblock WSUS traffic from Sophos XG firewall in domain
0
Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on  Server 2008R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS17.0.2 MR-2, to SFOS 1706 MR-6. After the update, Sophos log reported that email had been delivered from the Sophos to Exchange, but was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server, and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), System Log reports "Fail to send mail: Cannot connect to mail server servername.domainname.com:25" when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?
0
Unable to find solution for event ID 5038 on Windows Server 2008 Enterprise, Service Pack 2. Event details as below. The file path mentioned in the event details pertains to the Sophos Antivirus program.

Event ID Details:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name:      \Device\HarddiskVolume1\Windows\System32\drivers\savonaccess.sys      

Please advise a solution to the above event ID to stop and resolve. - Pritesh Parikh - (Email: Pritesh_net@yahoo.com).
0
Hi

What's the best way to check/pull the config from a Sophos XG210 firewall?
0
Inherited a new client with a Sophos appliance.  The UTM 9 so far seems to be a great device.  That being said, I am trying to turn off filtering for a specific endpoint.  Even though it is in the "allow access", when I am on that endpoint it still gets re-directed to a webpage hosted on the appliance and is expecting to want some sort of authentication.  Are there good tutorials on how to manage Sophos?
0
We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and our backup system.
Fortunately, he was not connected to the company network, so the files were only locked in his laptop.
Free ransomware removal tool from TrendMicro, and someone else did not work.

1. What is the best removal tool?

I am looking into Sophos. They have Enterprise Malware Removal Tool that can take care of Ransomware. We use their anti-virus software, so theirs caught my eye.

2. What is the best backup strategy?

I had an IT admin friend, and his system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people backup a couple of terabyte data these days. Tape systems were used in the past, and each day manually or automatically different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that Ransomware can go into other resources in the same LAN. Then I need a backup system that can backup multiple generations (like daily), and they need to be completely …
0
Hi all,

I'm looking for a bit of help getting started with my HP 1820-24g switch .

my network plan :

Sophos router eth1 (LAN 192.168.0.1/24), and I configured the Sophos router as follows: new interface eth4 (192.168.2.1/24) with VLAN ID 10 function.

I also configured DHCP scopes on the Sophos router for 192.168.2.100 to 200.

So I connected the Sophos eth4 LAN cable --> switch port 1.


So I have the native VLAN 1, and VLAN 10 (ports 1-10 tagged) for LAN on the router.

My problems are:
1. If I change the Sophos interface (eth4) VLAN function to Ethernet only and I connect my laptop to port 7, then my laptop gets an IP from the Sophos router DHCP server.

2. If I change the Sophos interface (eth4) to the VLAN function only (VLAN 10), then my laptop gets no IP from the Sophos DHCP server.

any idea and help?
Thank you
0
For the patch of the chip vulnerability, can I just download the patch from microsoft and install it on all servers and workstations rather than use windows update?  I have a couple servers and 20 workstations.  Also, I noticed that you have to be careful with antivirus because of a registry entry.  Can someone help me out with this issue, I use SOPHOS antivirus and the link below details what they are doing to work with the MS patch.  I think it says that SOPHOS works with the patch but I am not entirely sure.  Better safe than sorry.  Here is the link:    https://community.sophos.com/kb/en-us/128053
0
Hi All,
We have two sites linked via BT routers and each site has its own UTM and fail over simple diagram below.

WAN                                         WAN
  |                                              |
Router                                     Router
  |                                               |
UTM                                         UTM
  |                                               |
Lan - Router -WAN - Router - LAN

So we have a site link and two sites with Primary/DR with fail over routers

The primary site UTM has IP : 194.72.126.66 GW : 194.72.126.65
The primary sites internet works fine

The secondary DR site UTM has IP : 194.74.139.67 GW : 194.72.126.65
I cannot get out to the internet from this UTM

BT have said there is no issue with the routers and the failover is working on the routers.   Below is the information BT have provided me concerning the IP address allocation.

I have recently taken over this position and I'm under the impression this has never worked. Any ideas why the second UTM at the DR site cannot get onto the internet?

Regards

John H

194.72.126.64 255.255.255.224
194.72.126.74<<used on primary router
194.72.126.75<<used on V1 router
194.72.126.65<< HSRP standby address and the gateway for you to point to from both devices
 
194.74.139.64 255.255.255.240
194.74.139.66<<< used on primary
194.74.139.67<<used on V1
194.74.139.65<<< HSRP standby address and the gateway for you to point to…
0

Hi

We're looking at this in detail.  Would like to audit and monitor data that is being driven by users, so services and apps they are using, and what they are sending via email in particular.
Tried exchange online DLP - pants.
Mimecast DLP - pants
Sophos DLP - seems ok, but not great.

Anything else out there?

Thanks
0
I have a server with a Hyper-V role and virtual machines and a firewall sophos installed.

I would like to create a rule in which when a client (out of the internal network) want to connect to remote connection then this user need to transfer to a specific virtual machine (not to the host server).

How to create this rule?
0
Dear Wizards, can we have some solutions (Open source) to setup networking environment for startup (small) company. We knew some things like:
- Firewall/Router: Sophos XG Home, pfSense
- Storage: FreeNAS, XPenology
- PC: Ubuntu, OpenOffice

How about the Switch? Is there any Open Source ISO file that we can use to simulate the Switch (let's say Cisco :))

Many thanks!
0
Hi Experts,
I have a Sophos Firewall and want to use it at home. I got some information that if I use it at home then I need a home-use license.
How can I get a home license for it? I looked at the Sophos website but I did not understand how.

Thank you so much and Regards
0
Hello All,
I am hoping that you can provide me some fresh eyes regarding this issue.

Environment
- SBS2011 Virtual Machine, single NIC, DNS configured to point to itself, sole DC
- 7x client machines with workstations only pointing to server for primary DNS, no secondary
- Cyberoam firewall with Sophos OS, latest firmware
- SBS DNS has 4x forwarders (2x ISP, 2x Google) configured to 3 sec timeouts.

Problem
All of the workstation clients have been experiencing an internet outage that lasts seconds.  The symptom is that they will go to load a webpage and the page resolution appears to hang.  The result is either a very slow loading webpage that eventually comes up or partially comes up, or a page saying the website could not be resolved.  If they refresh the page, it immediately comes up.

Troubleshooting
- Assign workstations to only use external DNS (8.8.8.8), issue goes away
- Assign workstation to a different gateway, issue goes away
- I installed a new secondary DNS server that pulled its info from the SBS DNS.  This VM was joined to the domain, but not promoted to a DC.  I then moved one workstation to the DNS server and the issue did not resolve.

My thoughts
My concern is that the SBS DNS is somehow corrupt or not working properly.  Is there a way to reset it?  

I could also rebuild the secondary server without pulling the DNS info from the SBS server, but my fear is that it will be missing critical AD required information for the workstations.
0
I have internet in my building (PPPoEoE), currently, i'm using a linux machine as the router/firewall and I want to migrate to sophos myutm.

when I connect to the internet using linux, I have my default route that just routes to the interface:
ip route add default dev ppp0

The thing is, Sophos doesn't support interface routes for whatever reason, so it's using the PtP remote address, which my ISP has set to 10.0.0.1. The problem is, MY router is 10.0.0.1, so when it adds the default route, it stuffs everything up.
Sophos runs linux in the background, and I can remove this route and add an interface route and everything starts working again.
The route set by my ISP does the following:
ip route add default via 10.0.0.1

My ISP says this doesn't matter because it is a PtP route, so it should route, however, it doesn't.

I've had to revert to my linux machine, and looking at the logs, with the relevant lines at the bottom of this text

I expect the remote ip address to be something like 118.33.24.15 rather than 10.0.0.1

Is my ISP wrong? can someone point me in the direction of the relevant information about this? I've had a look online, and I can't find anything specific.

Nov 23 22:23:49 firewall pppd[29996]: Using interface ppp0
Nov 23 22:23:49 firewall pppd[29996]: Connect: ppp0 <--> eth1
Nov 23 22:23:52 firewall pppd[29996]: CHAP authentication succeeded
Nov 23 22:23:52 firewall pppd[29996]: peer from calling number 4C:5E:0C:DE:88:D0 authorized
Nov 23…
0
Hello Experts,
I want to learn VLAN configurations on HP ProCurve switches. I need your suggestions about which HP switch models are best for beginning. I will buy switches on eBay.
I have a Sophos UTM 220 hardware firewall on my network.

1. Do I need to buy layer 2 or layer 3 switches?
2. Which HP model can help with VLAN configuration?

Thanks
0
I am creating a new network and on each machine we would like to install Norton AV, but all laptops have Bitdefender on them and my question is:

1 - Can I use Bitdefender for my network? or Norton is better?

2 - Any advice on Sophos end point?


Can you please kindly advise?

Best regards,
Mallony
0
Dear Experts, we could not setup the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the log in both 2 devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall: 172.16.16.0/24

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall: 192.168.6.0/24


This is the configuration on Router

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R} 255.255.255.192
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set MYSET esp-des esp-md5-hmac
!

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip 192.168.6.0 0.0.0.255 172.16.16.0 0.0.0.255



Here is the configurations on Firewall:

IPSec profile:
Firewall_IPSec.JPG
IP Host:
Firewall_IPHost.JPG
Firewall rule:
Firewall_Rule.JPG
Firewall VPN:
Firewall_VPN.JPG
RouterCisco3925Log.txt
FirewallLOG.JPG
0

Set-up issues


I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days.  I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115.  I had configured UTM9 on my own and generated help desk cases if issues arose.  This appliance is quite a bit different.  Firmware XG115 (SFOS 17.0.0 GA) so on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server so port 443 is being forwarded to it but I also have the default network rule of WAN to LAN all ports and all services are open.  I have a similar network rule that WAN to LAN port 443 is open thinking of other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense !).  The XG is in bridge mode.  For a …
0
What are the differences between Sophos XG and Sophos UTM? Do we have an iso file of Sophos XG? Many thanks!
0
I've recently installed Sophos XG230 UTMs on two campuses. Now our Sharp copiers could no longer scan to email.

They SMTP through a gmail account.

I know the user email and password are correct but we get an Error [3332]:  Authentication type not supported.
 
When tested with 'no authentication' connection to SMTP server is fine.

Whilst testing I have allowed all outbound traffic.

Any help would be greatly appreciated.
0
Dear Experts, we have 1000 users located at multiple sites.
- The Headquarter office includes 400 users, has Cisco Router 3925, not yet Firewall.
- Site A includes 200 users, has Sophos Firewall.
- Each of Site B, C, D, E has 100 users, only has Modem Internet, not yet Firewall

In Headquarter, the AD server (Win Server 2012R2) is ready but we are not sure about the method to join domain for ALL users. We have several questions as below:

1. MPLS-VPN leased line and VPN connection, which one is better in terms of performance and cost?

2. In case we choose VPN connection, should we choose Site-to-Site VPN or Remote-Access VPN, and why? Which devices should we buy?

3. As I understand it, in a VPN connection, the users who connect will use the Internet connection from the VPN server, is that right? If so, will the VPN connection be suitable for 1000 users?

4. For the Domain diagram, which model should we use for high performance and availability? We intend to install an Additional DC in Headquarter and an RODC in each site. Is it okay?

5. In Headquarter, all servers are VM and we have Veeam 9.5 to backup, but in sites servers are physical. Which backup software is the best for physical AD machines?  
0
I am looking for any software appliance for Sophos XG.

I need it to practice with Sophos firewall.
0
I need a firewall for branch office with 8 users and may go up to 12 in the next year or two. Most of the resources are in Head Office (HO) and has Sophos XG firewall. Remote users use Sophos SSL VPN client individually on their computer and RDP access to connect to HO. Now the requirement is to replace SSL VPN client and establish a site-to-site VPN and join all the remote computers to the DC in HO. I was looking at Sophos XG 115 for the branch office.

Would like to get some expert advice on the Sophos XG 115 device for branch office or if there are any other better alternatives available for site-to-site VPN. Also trying to keep the cost to a minimum.
0
