Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Hi all can someone show me where I can confirm for sure how many concurrent licenses a Cyberoam CR25iNG - 10.6.6 MR-2 firewall can hold?  I found the licensing and it doesn't tell me squat.  If I click on system then maintenance and licensing it gives me the model CR25iNG (C06615145344-9YTFZU).  If I click synchronize it syncs however does not show how many licenses there are.   If I add a user to the VPN it lets me but doesn't tell me what the concurrent limit is at.   Any help is appreciated.

Hi experts,

I need to get a public certificate for an Exchange 2016 server, which should use ActiveSync. The Exchange was behind a Sophos UTM.

Do I need a SAN certificate? I need autodiscover/outlook/mail.contoso.com, right?
Thx a lot.

I am unable to send most emails to most domains. We are using Sophos XG as the sending relay.
All (almost all) emails are stuck in the queue with error:
421 service not available (connection refused, generic failure).
Some emails that give these errors are sometimes getting delivered.
Problem started only yesterday!

Are there any issues with running SOPHOS on top of SBS2011?

We have a website (IIS) that shows PDFs as part of the interface. In the URL it displays the path and filename to the location of the file. With some ingenuity a web-user could guess other filenames and access files they shouldn't.

I believe there is a method that we can use to convert the path/filename part of the URL to a GUID so as to obfuscate this info.

I was led to believe that a reverse proxy was the tool for the job. We have set up our Sophos firewalls as such but this feature isn't happening.

If anyone could advise it would be much appreciated, my skills in this area are somewhat lacking so any pointers welcome.

I'm running a Sophos XG 115 with dual ISPs (Comcast and AT&T) in balance mode.  That all works fine.  However I have one user (the Boss) who wants his workstation to always use Comcast (some of the sites he is using require Comcast login).

My question is:
Is there any way that I configure his workstation to only use the Comcast connection and not the AT&T connection?
Or is this something that has to be set up in the Sophos?

All of my workstations are using Static IPs.  

Any assistance would be appreciated.

Dear Guru, we would like to mitigate DDoS attacks on a Sophos XG firewall, however we are not sure how to fill in these parameters. Can you kindly suggest and explain? How do we make sure that we do not drop legit sessions?

I have 13 IPSec VPNs that are set up and working on a VMWare NSX Edge. The remote sites are all Sophos XG Firewalls. They used to connect to a Sophos firewall. In the earlier scenario, there was a VPN to VPN rule that joined all the Sophos IP Sec connections together in a hub and spoke network design. One could see devices between Atlanta to Orlando, for example.

Now I have them all connected successfully to the VMWare NSX Edge firewall. I have 2 rules for each location on the NSX.  For example, NSX to Atlanta and the reciprocal Atlanta to NSX.

I'd like for traffic to be seen from one location, like Atlanta, through the NSX Edge to Orlando.
On each Sophos connection to the Edge, I've added the remote networks I'd like to add to the Edge connection.  
In the previous all Sophos configuration, at the "hub" Sophos, a rule of VPN to VPN was in place to make this happen.
But I think I'm missing something on the NSX Edge to allow for Atlanta to "see" Orlando.

I have added reciprocal rules of Atlanta to Orlando and vice versa on the NSX but that is not working.

We had a non-critical server get infected with the Cheetah virus.  I have run Sophos and Malwarebytes and neither has fixed it.  I can change the extensions manually but that will take forever.

There must be a simple solution that one of you have tried.   HELP!

We have recently acquired another company, MD says 'Join them together so we can communicate and access all resources'. As a one man band looking after the existing company I am stumped.

A run down of what I have to work with.

Company 1
Caxxx.co.uk has 2 locations, hosted DC(DC1) and a production site(Prod1)

Company 2
Sezzzzzz.co.uk has 2 locations also, the hosted DC(DC2) and a production site(Prod2)

The sites are a mixture of Cisco, Sonicwall, Sophos firewalls and there is no overlap of IP ranges between each site. First thought was to create the site to site VPN connections so at least communication could be established. I set this up and am able to ping a device at each location. Second was to add the forward and reverse lookups into the DNS records, which I have done. I am able to connect using the IP address and the FQDN, e.g. NCL-DC01.ad.caxxx.co.uk, but not NCL-DC01.

Can I be pointed in the right direction so I can read up on what I need to do to get this to work, apart from creating a new forest, as this will be done at a later stage.

I have a client who would like to move away from KASPERSKY ENDPOINT SECURITY to either SOPHOS or TREND MICRO for their corporate environment. Other than the cost involved, I would like an input into the Pros and Cons of the three in order to make a decision on the above.

Your input shall be highly appreciated.

We are Office365 users and subscribe to the E3 plan. I would like to know: is it possible for all our machines to join the Office365 domain?

1. If so, what are the pros and cons?
2. Is any additional license required in Office365?

Our main target is to use Azure to manage the user accounts and integrate with Sophos Central.

I have a Juniper SRX220 Firewall.  I am connecting to a Service provider who is running a SOPHOS Software base UTM firewall.
They tell me there is little for them to configure and that they have a couple thousand site to site VPNs connected.  Hence, the problem is back on me.

What happens is the Site to site comes up and everything is working, and then about 15 minutes or so into it the Tunnel goes down and I have to reinitiate the tunnel.
I am at a loss to see any problems.  Anyone seen something similar?  It has to be something simple.   I've attached a file with some shots of the configuration that I have control of. JuniperScreenshots.docx

I have two Sophos SG 230's that are configured for HA.  I have the LAN Port on the Master going to Switch 1.  I have the LAN Port on the Slave going to Switch 1.  I would like to add another LAN interface in the UTMs that I can use to connect them to Switch 2 for redundancy purposes.

To properly do this, would I simply change interface eth0 (my current LAN interface) from "Type: Ethernet" to "Type: Bridge" and select one of the available interfaces / nics available on the UTM?

Dear Experts,

We have configured SSL VPN for the Sophos XG 310 firewall to use.

When we tried to add a second ssl vpn account copying the first account settings, we are unable to connect.

Is there a log for SSL VPN?

Dear experts, we are testing Sophos xg310 and Exchange 2016 server. If we use webmail OWA, we can send/receive emails normally but we cannot connect to our accounts via MS Outlook and mobile.

Can you please suggest? Many thanks

Hello Experts.  Any experience or recommendations regarding Microsoft ATP in O365 vs a traditional Endpoint Solution such as Sophos or ESET?  We are an educational institution so have an A1 licence.  Getting an A3 or A5 would allow ATP along with many other features I would like to have.

I have a request to provide file/folder encryption software.
I saw Sophos Safeguard but it seems very expensive compared to other software.
Does anyone know a better software which encrypts and password protects the files/folders?
Customer wants to password protect a file and send it by email and share the password privately.

Appreciate your advice.

Sophos uses BitLocker as far as I'm aware. BitLocker requires TPM modules? How do I check if all my laptops have a TPM module?

My employer was hit with malware two months ago and we've contained and treated it. However, it looks like our address book got hijacked. Users are being bombarded every day by spoofed emails using names of our employees, but coming from various domains around the world. Outside customers and vendors we often communicate with are also reporting that they are getting the same type emails, multiple times daily.

I know this is a long shot, but is there anything at all we can do about this? I suppose anybody can type any name in the "From" box on a message and since they have our names and contacts, they are exploiting it. We mark all external emails as [EXTERNAL] so at least people will see that the emails come from outside our domain despite the user's name, but that doesn't help for our vendors, customers, and other contacts.

We currently have Sophos installed on our servers and desktops, and run Barracuda's spam filter. Most of this stuff is getting caught and blocked, but there are so many that a few still slip through.

Any suggestions here?

Hello, we are in the middle of integrating our on-premise AD to our SOPHOS firewall. We had to download the SOPHOS firewall plugin to connect to AD and server information. Apparently the app reads certain particular events that tell it if a user has logged in or logged out of his or her computer system and based on that considers the user active and therefore starts logging and allowing that AD user access to the internet.

Currently this is not working and the cause per SOPHOS Senior engineer is when the user signs in the event viewer we see ID 4624 pop up but right after we get an event 4634 stating a logoff and the following message...

"This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer"  

SOPHOS Engineer specifically said event ID 4634 is causing this issue.

It makes sense that 4634 may be causing issues since it says the user is logged off when in fact they just logged in but is that event ID 4634 a normal event across all servers or an issue I must fix?

-Currently only 1 domain controller
-Windows Server 2016
-About 60 Users

Does anyone know why a Sophos firewall would suddenly stop providing proper DNS? We thought it was a Verizon issue, but the traceroutes I'm running stop at the firewall? I checked the DNS entries and they read like the Sophos site says they should.

Dear Experts,

I have a VMware 6.7.0.

I am trying to deploy a sophos VMW using ovf template on it and it says "A required disk image is missing"

How do I properly deploy ovf template as I only add the virtual_sf.ovf and disk1.ovf file only.

Anyone can guide me on how I should properly do it.

Dear Experts,

I have a Sophos vhdx installed into my hyper-V version SFOS 17.1.3 MR-3.

How do I log in and configure the IP address and its interfaces?

I only managed to access the console via the Main Menu.

Hi Guys,

I am trying to configure a SonicWALL TZ400 site-to-site VPN.
We have a Sophos firewall router on the remote side.

The Dell SonicWALL replaces our previous Netgear Prosafe FVS336G router, which connects the site-to-site VPN successfully.

I confirmed the Dell SonicWALL VPN / IPsec settings again and again, but no connection unfortunately.

I used the SonicWALL quick VPN configuration.

I've noticed that the access rules for "VPN to LAN" have been auto-added, as well as "VPN to WAN"

Are there any changes that are needed to the access rules, or NAT rules for the site-to-site VPN to work?
Any recommendations are welcome ...





