Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

We have been successfully migrating endpoints from Sophos Enterprise Console to Sophos Central using the Sophos Central Migration Tool. It has not suddenly stopped working. The error in the Update Managers status says "Error during CID deployment". When we try to refresh the migration packages "Migration package deployment failed". The SEC server has full internet access. Tried uninstalling and reinstalling the migration tool but the same problem occurs.
We have been having an issue with specific websites being slow for almost a month now.  Certain sites (mymathlab, our library system, and various other sites you log into) have been slow when sending or recieving data.  You click a link and sometimes it spins and spins and spins.  We are working with our firewall vendor Sophos (it seems to have shown up after a firmware update) and we are very hesitant to downgrade because that often can cause issues in itself.  

Normal website browsing is fine, seems to be stuck to sites you log into that are hosted off campus.  Any thoughts?  We have 2 internet connections load balanced behind an ISP load balancing device. I am interested in all theories as this is causing significant hardship for our students and staff.  Thank you all very much for your insight!
We have a Sophos WS5000 Web-Appliance and Sophos Central Anti-virus.

We would like students to get to youtube itself but not youtube video download sites, like  youtubetomp4,, etc.

What would be the best way to achieve this?

Many thanks in advance
Hey all,

With the increased threat of threats out there, I am wondering if I am doing enough for my clients and would like some sort of input as to what I should be doing more of to combat the threat of cybercrime

My usual Firewall install for a client is a Sophos XG with Threat protection, IPS & AV enabled with SSL VPN setups for people accessing the network. I suppose I am one of those people who want to make sure I have done everything to protect a network and want to ask a stupid question.. when it comes to RDP brute force attacks, if we don't have any WAN>LAN rules to open RDP ports, are we safe or do we need to physically go in and disable RDP protocol on every machine.

I know the threat has been around for ages but I need to get some clarification on this so any serious answers accepted, please.
Hi all,

We are switching to using the Windows Firewall for clients after using Sophos for many years.  At the moment I am configuring a GPO and have a couple of queries.

1.) How can I stop or restart the Windows Firewall service?

I have noticed that when I go to services and look at Windows Defender Firewall, everything is greyed out and I have no option to stop or restart it (yes, I am running services with admin credentials).  If I run Task Manager as administrator and access services this way, when I attempt to stop with Windows Defender Firewall service I get:

The operation could not be completed.  Access denied.

2.) Problems with logging.

a.) I have enabled logging in the GPO.  I left it with the default  %windir%\system32\logfiles\firewall\pfirewall.log location.  However, the log fails to be created.  I have read about the requirement to add "NT Service\MpsSvc" with full permissions to the location but the log file still fails to be created even when I add this permission.  Even if I could get it work, how would I replicate this permission change to all my PC's when I deploy this business wide?

b.) I quite like the idea of changing the path where the log file saves to a central shared location.  I was thinking of using a %computername% variable in the file name to save a different file for each computer.

is this possible?

Thanks in advance
Outlook Anywhere works great when I fully open port 443 NAT to my on-prem exchange 2010 server. I want to use the application firewall and testconnectivity (MS tool) fails with the following.

We have been using Sophos Firewall for many years on our Windows 7/10 clients, but are moving to Windows Firewall.  I want to configure the rules via GPO.

We have one application (our ERP) which has nearly 200 individual EXE's contained within a folder (within c:\program files....).  When you consider that we also have Dev, Test and Train versions of this software (all of which install in to slightly different file paths), we are looking at 800 exe's!

Every time I launch a different one (by triggering something within the ERP application), I get prompted to manually add it to the exclusion list.

Is there a way I can configure a rule to allow to exclude an entire folder and all the .exe's within it?

I tried configuring a rule to allow Any program, over any port to the specific IP addresses which the ERP system uses, but as soon I launch the software, I get the notification that the application has been blocked and do I want to allow it.

The only way I have found so far is to use the script in the link below which automatically creates a rule for each exe within a folder.  I think I can then could potentially then export this and import it in to the GPO.

However, I really don't want to end up with a list of firewall rules which has over 800 individual entries!

Any suggestions on how I can work around this?
Sophos Secure Workspace WebDav with Synology NAS. Unable to get WebDav to connect
Hi EE, so just to give a quick background, this issue did actually start happening in March on a number of pc's. Since the May update has come out we have now noticed a lot of machines failing this update.

A number of pc's that I've looked at they have the generic error of 80004005, a couple of machines however did have specific error codes 80070020 & 80070308. I then ran a script to reset windows updates, tried to install again and on both machines the error changed to the generic 80004005.

Here's a few things I have tried so far
SURT - no errors, removed group policies, repaired Microsoft programs (office, framework, visual c++)
Reset Windows updates, removed servicing stack update, sfc /scannow - no errors
We have 2 different brands of machines so don't think it's a specific driver

I have a zip file that has all 3 logs in it. CBS, checkSUR & windows update
Please let me know if these would be useful to you and I will attach them.

Thanks in advance
background, we host SAP onsite, Version 9.1
windows 10 machine - latest updates
Antivirus - Sophos endpoint
Encryption - bitlocker

Sap randomley crashes and gives us this error:

The description for Event ID 1000 from source Application Error cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.

If the event originated on another computer, the display information had to be saved with the event.

The following information was included with the event:

SAP Business One.exe
C:\Program Files (x86)\SAP\SAP Business One\SAP Business One.exe
C:\Program Files (x86)\SAP\SAP Business One\B1_Engines.dll

The handle is invalid
We have a UTM Sophos XG 85. The client is having issues with the websites loading very slow. I put another router in all fine.

Any suggestions?
We are running Sophos XG firewalls and need to devise a way to import the appliance SSL certificate so that we can enable secure HTTPS scanning.  This can be difficult to deploy particularly with mobile devices.  I'd like to see if anyone has developed a streamlined way to do this outside of AD GPOs on the Windows systems.
We have students with iPads.

Certain webpages, always in Spanish or Brasilian get blocked and a Content Restricted error will appear.

Very rarely the landing page, usually a subpage.

Our Sophos filtering system has the domains whitelisted for the students but this makes no difference and the logs show the * as Allowed.

Where else can I look? Are there logs or reports for Google safe search?

Any help would be greatly appreciated.
WMIC is working for some users/computers and not for others. We have a Sophos Firewall that uses WMIC for authentication. It works for some users and is not working for some others, I contacted Sophos tech support and after some test, they said that the problem is with my DC server, in which WMI is not working properly. How can I make it work for all users/computers?

(please see a screenshot attached.

We have a Sophos Web Appliance monitoring/filtering traffic on student and staff network.

Content on the student network seems to get blocked randomly.

For example, a the Student could be working in Google Slides. They finish making a presentation on their iPad, then select 'Present' and the page is blocked with a 'Content Restricted' message.

On the staff network the presentation will display.

Another time a wiki page in English is allowed but the same wiki page in Portuguese is blocked.

I am very new to Web Appliance but have some experience with XGs. Where could I start looking to solve these issues?

Many thanks.
I looking for any free firewall software appliance. (Like the old version of sophos. The new version of Sophos provide only 30 days software appliance)
I don't know if there is any firewall which provide a software appliance free and without time restriction.
Connect to shared drive's and browse through server shares over SSL VPN
Sophos XG 125 UTM Firewall
Windows Server 2008 R2
We have configured our Sophos XG 125 UTM Firewall for SSL VPN.  This will allow our clients to connect into their workplace so they can safely either RDP into their computer OR use the server shared drives.
I've configured this for many of our other clients and have had no issues.  Have also contacted and worked with Sophos Support to confirm it's not a Sophos config issue or VPN issue.  

Our SSL VPN connection is successfully established.  I am able to ping all server IP's as well as their FQDN and get a response.  I am also able to RDP to the required computers.  
I simply cannot browse to the server thrgouh UNC.

I've compared this to our other client's setup's that have the same SSL VPN setup and we have no trouble browsing UNC.  

I also performed a TCP Dump on the Firewall at the time I try to UNC and it shows the requests going to the server but the server does not respond to the request.

I feel that I've ruled out the SSL VPN and Sophos Setup, DNS, Network Discovery, NTFS and File Sharing Permissions.  Any idea's?
How to unblock WSuS traffic from Sophos xg firewall in domain
Hello All,
I am hoping that you can provide me some fresh eyes regarding this issue.

- SBS2011 Virtual Machine, single NIC, DNS configured to point to itself, sole DC
- 7x client machines with workstations only pointing to server for primary DNS, no secondary
- Cyberoam firewall with Sophos OS, latest firmware
- SBS DNS has 4x forwarders (2x ISP, 2x Google) configured to 3 sec timeouts.

All of the workstation clients have been experiencing an internet outage that lasts seconds.  The symptom is that they will go to load a webpage and the page resolution appears to hang.  The result is either a very slow loading webpage that eventually comes up or partially comes up, or a page saying the website could not be resolved.  If they refresh the page, it immediately comes up.

- Assign workstations to only use external DNS (, issue goes away
- Assign workstation to a different gateway, issue goes away
- I installed a new secondary DNS server that pulled its info from the SBS DNS.  This VM was joined to the domain, but not promoted to a DC.  I then moved one workstation to the DNS server and the issue did not resolve.

My thoughts
My concern is that the SBS DNS is somehow corrupt or not working properly.  Is there a way to reset it?  

I could also rebuild the secondary server without pulling the DNS info from the SBS server, but my fear is that it will be missing critical AD required information for the workstations.
I have internet in my building (PPPoEoE), currently, i'm using a linux machine as the router/firewall and I want to migrate to sophos myutm.

when I connect to the internet using linux, I have my default route that just routes to the interface:
ip route add default dev ppp0

The thing is, Sophos doesn't support interface routes for whatever reason, so it's using the PtP remote address, which my ISP has set to The problem is, MY router is, so when it adds the default route, it stuffs everything up.
Sophos runs linux in the background, and I can remove this route and add an interface route and everything starts working again.
The route set by my ISP does the following:
ip route add default via

My ISP says this doesn't matter because it is a PtP route, so it should route, however, it doesn't.

I've had to revert to my linux machine, and looking at the logs, with the relevant lines at the bottom of this text

I expect the remote ip address to be something like rather than

Is my ISP wrong? can someone point me in the direction of the relevant information about this? I've had a look online, and I can't find anything specific.

Nov 23 22:23:49 firewall pppd[29996]: Using interface ppp0
Nov 23 22:23:49 firewall pppd[29996]: Connect: ppp0 <--> eth1
Nov 23 22:23:52 firewall pppd[29996]: CHAP authentication succeeded
Nov 23 22:23:52 firewall pppd[29996]: peer from calling number 4C:5E:0C:DE:88:D0 authorized
Nov 23…
Dear Experts, we could not setup the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the log in both 2 devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall:

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall:

This is the configuration on Router

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R}
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
crypto ipsec security-association lifetime seconds 1800
crypto ipsec transform-set MYSET esp-des esp-md5-hmac

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip

Open in new window

Here is the configurations on Firewall:

IPSec profile:
IP Host:
Firewall rule:
Firewall VPN:
Dear Experts,
I have an issue lately after upgrading email security appliance. All outbound mails are using my Cisco firewall interface IP and often bounces as my email server public IP is different. Email appliance is Sophos EA.
My email server public IP is
Cisco FW ASA interface public IP
There is n option on sophos to change outbound IP address it takes primary up (internal).
On Cisco I have all SMTP traffic going out via but still traffic from sophos EA goes out via 196.
What should I do on Cisco ASA to make sophos ( internal IP to use for all outbound traffic.
We have Sophos UTM 9 that is providing dhcp. There are maybe 50 laptops in use.  There are access points through out the two buildings. The two building are connected with hp filber switches. The access points are meraki but there are a couple of older cisco access points.  I keeping getting calls about users not being able to connect to the internet. I find that they are connected to the wireless but the connection has a yellow bang symbol over it.  I release the address, flush the dns, disconnect and reconnect to the wireless but nothing fixes the issue.  The only thing that works in these instances is to set a static ip and dns.  Does anyone have a suggestion on fixing this or an idea of what is causing this?
need to install a sophos firewall. there is a cisco router that the ISP is plugged into and it has quite a bit of config on it. we are wanting to use the firewall primarily for webfiltering traffic. We would like to place it behind the cisco router. not exactly sure how to get web traffic to go through the firewall to be blocked/allowed. The client server runs DHCP and broadcasts the gateway as the internal ip of the router.






Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Top Experts In

No Top Experts for this time period. Answer questions to earn the title!