Go Premium for a chance to win a PS4. Enter to Win

x

Sophos

203

Solutions

376

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

Dear Experts, we could not setup the VPN connection between Router C3925 and Firewall Sophos XG210. Attached files are the log in both 2 devices. Please revise and suggest, many thanks!

Public IP address of Firewall Sophos XG210: {A}.{B}.{C}.{D}
LAN IP network of Firewall: 172.16.16.0/24

Public IP address of Router C3925: {Q}.{W}.{E}.{R}
LAN IP network of Firewall: 192.168.6.0/24


This is the configuration on Router

interface GigabitEthernet0/1
 description "ISP 1"
 ip address {Q}.{W}.{E}.{R} 255.255.255.192
 ip access-group SECURITY-IN in
 ip access-group SECURITY-OUT out
 ip flow ingress
 ip nat outside
 ip virtual-reassembly in max-fragments 16 max-reassemblies 64 timeout 5
 duplex auto
 speed auto
 crypto map MYMAP

crypto isakmp policy 10
 hash md5
 authentication pre-share
 group 2
crypto isakmp key 6 password_here address {A}.{B}.{C}.{D}
!
crypto ipsec security-association lifetime seconds 1800
!
crypto ipsec transform-set MYSET esp-des esp-md5-hmac
!

crypto map MYMAP 10 ipsec-isakmp
 set peer {A}.{B}.{C}.{D}
 set transform-set MYSET
 match address 106

access-list 106 permit ip 192.168.6.0 0.0.0.255 172.16.16.0 0.0.0.255

Open in new window


Here is the configurations on Firewall:

IPSec profile:
Firewall_IPSec.JPG
IP Host:
Firewall_IPHost.JPG
Firewall rule:
Firewall_Rule.JPG
Firewall VPN:
Firewall_VPN.JPGRouterCisco3925Log.txt
FirewallLOG.JPG
0
New feature and membership benefit!
LVL 11
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

Set-up issues


I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days.  I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115.  I had configured UTM9 on my own and generated help desk cases if issues arose.  This appliance is quite a bit different.  Firmware XG115 (SFOS 17.0.0 GA) so on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server so port 443 is being forwarded to it but I also have the default network rule of WAN to LAN all ports and all services are open.  I have a similar network rule that WAN to LAN port 443 is open thinking of other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense !).  The XG is in bridge mode.  For a …
0
What are the differences between Sophos XG and Sophos UTM? Do we have an iso file of Sophos XG? Many thanks!
0
I need a firewall for branch office with 8 users and may go up to 12 in the next year or two. Most of the resources are in Head Office (HO) and has Sophos XG firewall. Remote users use Sophos SSL VPN client individually on their computer and RDP access to connect to HO. Now the requirement is to replace SSL VPN client and establish a site-to-site VPN and join all the remote computers to the DC in HO. I was looking at Sophos XG 115 for the branch office.

Would like to get some expert advise on Sophos XG 115 device for branch office or if there are any other better alternative available for site-to-site VPN? Also trying to keep the cost to minimum.
0
Hi,

We have been asked to setup mandatory TLS by one of our customers, for all incoming and outgoing mail to their domain.

We run Exchange 2010 servers, Sophos Email Appliance, and we also use a cloud based spam filter.
All incoming and outgoing email goes through the Sophos smarthost, also incoming mail hits the spam filter first then is passed to Sophos.  Outgoing mail doesn't go through the spam filter.

I've researched and think I know how to configure TLS on Exchange, Sophos, and our spam filter.

Will I need to configure TLS on Exchange for the send and receive connector?
Exchange isn't externally facing, so I am assuming the self-signed certificate will work for TLS with our internal smarthost?   The smarthost is externally facing so it will need a public cert and configuring for TLS.

I had a thought that maybe for incoming email I wouldn't need to configure TLS on our internal Exchange, but I could be wrong?

Thanks in advance.
0
Dear Experts,
I have an issue lately after upgrading email security appliance. All outbound mails are using my Cisco firewall interface IP and often bounces as my email server public IP is different. Email appliance is Sophos EA.
My email server public IP is 86.xxx.xxx.197
Cisco FW ASA interface public IP 86.xxx.xxx.196
There is n option on sophos to change outbound IP address it takes primary up (internal).
On Cisco I have all SMTP traffic going out via 86.xxx.xxx.197. but still traffic from sophos EA goes out via 196.
What should I do on Cisco ASA to make sophos ( internal IP 192.168.1.88) to use 86.xxx.xxx.197 for all outbound traffic.
0
Trying to get Sophos Puremessage on Windows SBS 2011.
The Sophos Management Console is on a different server and have already successfully installed the AV client on this server.

When running the setup.exe for Puremessage 314 I get the the following error:

Setup encountered an error while gathering system information.
Error details: COM error-code 0x80041001 : IDispatch error #3585

I enabled the PureMessage logging in the registry as recommended on the Sophos site and the log file shows the same error:

MsiUtils.cpp         pr:3844 th:6396 ln:00392 12:31:18.673 INF   + Entering Function : UTIL::MSI::MsiProcessTextMessage()
MsiUtils.cpp         pr:3844 th:6396 ln:00399 12:31:18.674 ERR     0x01000000: Setup encountered an error while gathering system information.
Error details: COM error-code 0x80041001 : IDispatch error #3585


Would appreciate any ideas on where to look for issues.
0
Hi Everyone,
we have our company website hosted in Godaddy. we have an option called tracking parcel. when i enter the parcel id and enter its just loading but the information is not retrived. when i looked into the inspect option ,network it shows "Curl error: Failed to connect to 118.201.198.205 port 8080: Connection refused0"

we have sophos firewall where i have configured a rule for the same public IP for port forwarding .
i am not sure where the connection is refused and how to check the same.

kindly help me
0
We have Sophos UTM 9 that is providing dhcp. There are maybe 50 laptops in use.  There are access points through out the two buildings. The two building are connected with hp filber switches. The access points are meraki but there are a couple of older cisco access points.  I keeping getting calls about users not being able to connect to the internet. I find that they are connected to the wireless but the connection has a yellow bang symbol over it.  I release the address, flush the dns, disconnect and reconnect to the wireless but nothing fixes the issue.  The only thing that works in these instances is to set a static ip and dns.  Does anyone have a suggestion on fixing this or an idea of what is causing this?
0
need to install a sophos firewall. there is a cisco router that the ISP is plugged into and it has quite a bit of config on it. we are wanting to use the firewall primarily for webfiltering traffic. We would like to place it behind the cisco router. not exactly sure how to get web traffic to go through the firewall to be blocked/allowed. The client server runs DHCP and broadcasts the gateway as the internal ip of the router.
0

Sophos

203

Solutions

376

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.