Sophos

228

Solutions

408

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note in order to move DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!
0
Cloud Class® Course: C++ 11 Fundamentals
LVL 12
Cloud Class® Course: C++ 11 Fundamentals

This course will introduce you to C++ 11 and teach you about syntax fundamentals.

Goal:
Connect to shared drive's and browse through server shares over SSL VPN
----------------------------------------
Setup:
Sophos XG 125 UTM Firewall
Windows Server 2008 R2
-----------------------------------------
Issue:
We have configured our Sophos XG 125 UTM Firewall for SSL VPN.  This will allow our clients to connect into their workplace so they can safely either RDP into their computer OR use the server shared drives.
I've configured this for many of our other clients and have had no issues.  Have also contacted and worked with Sophos Support to confirm it's not a Sophos config issue or VPN issue.  

Our SSL VPN connection is successfully established.  I am able to ping all server IP's as well as their FQDN and get a response.  I am also able to RDP to the required computers.  
I simply cannot browse to the server thrgouh UNC.

I've compared this to our other client's setup's that have the same SSL VPN setup and we have no trouble browsing UNC.  

I also performed a TCP Dump on the Firewall at the time I try to UNC and it shows the requests going to the server but the server does not respond to the request.

I feel that I've ruled out the SSL VPN and Sophos Setup, DNS, Network Discovery, NTFS and File Sharing Permissions.  Any idea's?
0
How to unblock WSuS traffic from Sophos xg firewall in domain
0
Hello All,
I am hoping that you can provide me some fresh eyes regarding this issue.

Environment
- SBS2011 Virtual Machine, single NIC, DNS configured to point to itself, sole DC
- 7x client machines with workstations only pointing to server for primary DNS, no secondary
- Cyberoam firewall with Sophos OS, latest firmware
- SBS DNS has 4x forwarders (2x ISP, 2x Google) configured to 3 sec timeouts.

Problem
All of the workstation clients have been experiencing an internet outage that lasts seconds.  The symptom is that they will go to load a webpage and the page resolution appears to hang.  The result is either a very slow loading webpage that eventually comes up or partially comes up, or a page saying the website could not be resolved.  If they refresh the page, it immediately comes up.

Troubleshooting
- Assign workstations to only use external DNS (8.8.8.8), issue goes away
- Assign workstation to a different gateway, issue goes away
- I installed a new secondary DNS server that pulled its info from the SBS DNS.  This VM was joined to the domain, but not promoted to a DC.  I then moved one workstation to the DNS server and the issue did not resolve.

My thoughts
My concern is that the SBS DNS is somehow corrupt or not working properly.  Is there a way to reset it?  

I could also rebuild the secondary server without pulling the DNS info from the SBS server, but my fear is that it will be missing critical AD required information for the workstations.
0
I have internet in my building (PPPoEoE), currently, i'm using a linux machine as the router/firewall and I want to migrate to sophos myutm.

when I connect to the internet using linux, I have my default route that just routes to the interface:
ip route add default dev ppp0

The thing is, Sophos doesn't support interface routes for whatever reason, so it's using the PtP remote address, which my ISP has set to 10.0.0.1. The problem is, MY router is 10.0.0.1, so when it adds the default route, it stuffs everything up.
Sophos runs linux in the background, and I can remove this route and add an interface route and everything starts working again.
The route set by my ISP does the following:
ip route add default via 10.0.0.1

My ISP says this doesn't matter because it is a PtP route, so it should route, however, it doesn't.

I've had to revert to my linux machine, and looking at the logs, with the relevant lines at the bottom of this text

I expect the remote ip address to be something like 118.33.24.15 rather than 10.0.0.1

Is my ISP wrong? can someone point me in the direction of the relevant information about this? I've had a look online, and I can't find anything specific.

Nov 23 22:23:49 firewall pppd[29996]: Using interface ppp0
Nov 23 22:23:49 firewall pppd[29996]: Connect: ppp0 <--> eth1
Nov 23 22:23:52 firewall pppd[29996]: CHAP authentication succeeded
Nov 23 22:23:52 firewall pppd[29996]: peer from calling number 4C:5E:0C:DE:88:D0 authorized
Nov 23…
0
Dear Experts, we could not setup the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the log in both 2 devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall: 172.16.16.0/24

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall: 192.168.6.0/24


This is the configuration on Router

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R} 255.255.255.192
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set MYSET esp-des esp-md5-hmac
!

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip 192.168.6.0 0.0.0.255 172.16.16.0 0.0.0.255

Open in new window


Here is the configurations on Firewall:

IPSec profile:
Firewall_IPSec.JPG
IP Host:
Firewall_IPHost.JPG
Firewall rule:
Firewall_Rule.JPG
Firewall VPN:
Firewall_VPN.JPGRouterCisco3925Log.txt
FirewallLOG.JPG
0
Dear Experts,
I have an issue lately after upgrading email security appliance. All outbound mails are using my Cisco firewall interface IP and often bounces as my email server public IP is different. Email appliance is Sophos EA.
My email server public IP is 86.xxx.xxx.197
Cisco FW ASA interface public IP 86.xxx.xxx.196
There is n option on sophos to change outbound IP address it takes primary up (internal).
On Cisco I have all SMTP traffic going out via 86.xxx.xxx.197. but still traffic from sophos EA goes out via 196.
What should I do on Cisco ASA to make sophos ( internal IP 192.168.1.88) to use 86.xxx.xxx.197 for all outbound traffic.
0
We have Sophos UTM 9 that is providing dhcp. There are maybe 50 laptops in use.  There are access points through out the two buildings. The two building are connected with hp filber switches. The access points are meraki but there are a couple of older cisco access points.  I keeping getting calls about users not being able to connect to the internet. I find that they are connected to the wireless but the connection has a yellow bang symbol over it.  I release the address, flush the dns, disconnect and reconnect to the wireless but nothing fixes the issue.  The only thing that works in these instances is to set a static ip and dns.  Does anyone have a suggestion on fixing this or an idea of what is causing this?
0
need to install a sophos firewall. there is a cisco router that the ISP is plugged into and it has quite a bit of config on it. we are wanting to use the firewall primarily for webfiltering traffic. We would like to place it behind the cisco router. not exactly sure how to get web traffic to go through the firewall to be blocked/allowed. The client server runs DHCP and broadcasts the gateway as the internal ip of the router.
0

Sophos

228

Solutions

408

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Top Experts In
Sophos
<
Monthly
>