Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

I have two Sophos SG 230's that are configured for HA.  I have the LAN Port on the Master going to Switch 1.  I have the LAN Port on the Slave going to Switch 1.  I would like to add another LAN interface in the UTMs that I can use to connect them to Switch 2 for redundancy purposes.  

To properly do this, would I simply change interface eth0 (my current LAN interface) from "Type: Ethernet" to "Type: Bridge" and select one of the available interfaces / nics available on the UTM?
CompTIA Cloud+
LVL 13
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Dear Experts,

We have configured SSL VPN for the Sophos XG 310 firewall to use.

When we tried to add a second ssl vpn account copying the first account settings, we are unable to connect.

Is there a log for SSL VPN?
Dear experts, we are testing Sophos xg310 and Exchange 2016 server. If we use webmail owa, we can send/receive emails normally but we cannot connect to our accounts via MS Outlook and mobile.

Can you please suggest? Many thank
Hello Experts.  Any experience or recommendations regarding Microsoft ATP in O365 vs a traditional Endpoint Solution such as Sophos or ESET?  We are an educational institution so have an A1 licence.  Getting an A3 or A5 would allow ATP along with many other features I would like to have.
Sophos uses bitlocker as far as I'm aware. Bitlocker requires tpm modules? How do I check if all my laptops have a tpm module.
My employer was hit with malware two months ago and we've contained and treated it. However, it looks like our address book got hijacked. Users are being bombarded every day by spoofed emails using names of our employees, but coming from various domains around the world. Outside customers and vendors we often communicate with are also reporting that they are getting the same type emails, multiple times daily.

I know this is a long shot, but is there anything at all we can do about this? I suppose anybody can type any name in the "From" box on a message and since they have our names and contacts, they are exploiting it. We mark all external emails as [EXTERNAL] so at least people will see that the emails come from outside our domain despite the user's name, but that doesn't help for our vendors, customers, and other contacts.

We currently have Sophos installed on our servers and desktops, and run Barracuda's spam filter. Most of this stuff is getting caught and blocked, but there are so many that a few still slip through.

Any suggestions here?
Hello, We in the middle of integrating our on premise AD to our SOPHOS firewall. We had to download the SOPHOS firewall plugin to connect to AD and server information. Apparently the app reads certain particular events that tell it if a users has logged in or logged out of his or her computer system and based on that consider the user active and therefore starts logging and allowing that AD user access to the internet.

Currently this is not working and the cause per SOPHOS Senior engineer is when the user signs in the event viewer we see ID 4624 pop up but right after we get an event 4634 stating a logoff and the following message...

"This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer"  

SOPHOS Engineer specifically said event ID 4634 is causing this issue.

It makes sense that 4634 may be causing issues since it says the user is logged off when in fact they just logged in but is that event ID 4634 a normal event across all servers or an issue I must fix?

-Currently only 1 domain controller
-Windows Server 2016
-About 60 Users
Does anyone know why a Sophos firewall would suddenly stop providing proper DNS? We thought it was a Verizon issue, but the traceroutes I'm running stop at the firewall? I checked the DNS entries and they read like the Sophos site says they should.
Dear Experts,

I have a Sophos vhdx installed into my hyper-V version SFOS 17.1.3 MR-3.

How do i login and configure the IP address and its interfaces?

I only managed to access the console via the Main Menu.
Hi Guys,

I am trying to configure a SonicWALL TZ400 site-to-site VPN.
We have a Sophos firewall router on the remote side.

The Dell SonicWALL replaces our previous Netgear Prosafe FVS336G router, which connects the site-to-site VPN successfully.

I confirmed the Dell SonicWALL VPN / IPsec settings again and again, but no connection unfortunately.

I used the SonicWALL quick VPN configuration.

I've noticed that the access rules for "VPN to LAN" have been auto-added, as well as "VPN to WAN"

Are there any changes that is needed to the access rules, or NAT rules for the site-to-site VPN to work?
Any recommendations are welcome ...
Exploring SharePoint 2016
LVL 13
Exploring SharePoint 2016

Explore SharePoint 2016, the web-based, collaborative platform that integrates with Microsoft Office to provide intranets, secure document management, and collaboration so you can develop your online and offline capabilities.

We have a Windows 2012 R2 domain with 2 domain controllers. Users authenticate to the domain with no problems.

We have 2 subnets

The WLAN traffic is routed through our Sophos XG230 Firewall/Router

Any user authenticating against one of the domain controllers (from the WLAN) shows  the ip address of the Firewall/Router, not its correct ip address of hte host they are on.

I can see this in the kerberos TGT in Event Viewer 4768.

This is only happening on 1 of the domain controllers.

Any ideas on how troubleshoot would be greatly appreciated.
I am looking at getting a new Wifi solution for our new building.  I have looked at Meraki, Ruckus and Arruba, Sophos and even at a Cisco controller option.
I'm having a hard time deciding which solution is best for my environment.  We have two separate buildings, but will all be one system.  Hands down, the Meraki cloud has the best analystics and displays the data the best, my opinion, but it's not the cheapest.  Going from a controller based to cloud based design makes me uneasy, as if the internet goes down, then my entire wifi is down as well.  
By far I like the Meraki dashboard and the options available in their cloud.

We will need about 50 APs for both buildings.  I'm working with a vendor that said after we move forward with the purchase, they will perform a heatmap analysis, so we know where to place them, so that's good.

Any suggestions what to look out for, or any recommendations?  
Does anyone not like Meraki or any of the others I mentioned?
We have experienced some issue with Sophos AV and Exchange server 2016. I want to uninstall Sophos but have been unable to do so cleanly(even with the help of their tech support). I remember that MS had and uninstall tool that worked very well. Is this tool available and if so where can I obtain it? If the answer is no what other options do I have.
I am looking at a replacement for our aging Cyberoam UTM. One of our options is the Sophos X330, which appears to be a good upgrade path for my requirements.

Has anyone used Cyberoam and the moved to Sophos? I am curious if there are setup and managing similarities. Seeing as Sophos acquired Cyberoam a few years ago, I was wondering if the Sophos UTM would be familiar in some way after using Cyberoam. Maybe they had adopted various features, and so the appliance would be familiar in how it was setup.

Would you consider the Sophos XG series easy to setup and deploy? I don't really want to get a technician in to setup the system on the new UTM. I setup our Cyberoam and continue to manage it without a problem, so I am hoping to do this with whichever new one we choose.

Any other thoughts about your positive or negative experience with Sophos UTM's would be appreciated?
We are currently deploying Mimecast to our environment. We had setup the journaling and send connectors. We found that all the journaled traffic was causing a backlog in our on premise Sophos Email appliance. My question is, can I configure the primary send connector to our email domains instead of *, and configure the mimecast send connector for it's domain, or is this going to cause issues?
Dear Experts, can you please suggest pros and cons of this diagram? Any suggestion please?

Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note in order to move DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!
Outlook 2007...
Recieving but NOT sending emails...
Occasional Secuirty Certificate cannot be Verified...

My mother in law...age 95 is active on her PC...She uses Outlook and is fairly familiar with it...We POP Gmail...

She has been using this PC with W7 and Outlook 2007 for about 8 years...
She lives in an assisted care facility...

About 2 weeks ago she started getting Security Certificate cannot be Verified...
Relates to Sophos...says a mismatch in the SSL port...and Outlook will NOT send email...but she recieves email ok...

I cleaned it up...reinstalled Office 2007...and got the same joy...

So...I took it to my shop...and discovered that Outlook worked just fine on MY internet connection...

BUT....I rebuild the PC anyway and installed Outlook 2007...connected her PST file and everything is working perfectly on MY internet...

I set it up again in her apartment at the assisted care facility and Outlook will NOT send email...I had the facilities maintenance guy try...and we cannot get it working...
Internet is fine...if I go to Gmai webmail her email works just fine...

So...It seems to be an Outlook issue on the facilities network...

So...on Gmail the SMTP port is 587....what do you think the chances are that the IT company that handles the assisted care facility closed port 587 on the router...??? there some possible other reason for the issue...

Many thanks in advance...
Hi all,

We have a VPN tunnel between two Sophos firewalls.

Location A =, (VLAN99)
Location B =

The VPN tunnel is UP and communication between the main networks is working properly.

From site B, however, the DMZ network (VLAN99) in site A is only limited reachable.

From Site B -> I can ping the gateway ( but the Printer ( is not reachable. I should say only the gateway is reachable everything else can't be reached through the VPN tunnel from side b.

I have attached a screenshot of the VPN tunnel configuration of both sites.

Thanks in advance.
Expert Spotlight: Joe Anderson (DatabaseMX)
LVL 13
Expert Spotlight: Joe Anderson (DatabaseMX)

We’ve posted a new Expert Spotlight!  Joe Anderson (DatabaseMX) has been on Experts Exchange since 2006. Learn more about this database architect, guitar aficionado, and Microsoft MVP.

I have a couple of machines that are not able to browse to HTTP sites at a remote site where that I have established a PPTP VPN to that site (via the OS). I can ping the respective IP address fine however HTTP browsing does not work. I am of great suspicion that this is something in our Sophos UTM as I can browse to the HTTP sites on my laptop via cellular connection fine (effectively bypassing the Sophos UTM).

I am not using 'use default gateway on remote network' yet I am unable to packet capture (in the Sophos UTM) any traffic going via the PPTP VPN to the remote site.

I've worked with Sophos UTMs (ex Cyberoam) for a number of years now and I cannot see anything obvious where anything would be being blocked or dropped. Everything is open. Nothing has been modified recently that would prevent this, and it only stopped in the last few months (yes I've been slack).

Has anyone experienced similar issues?
I have a Sophos Firewall at home(Version 9.5) .I created a Guest WLAN access. I connect Guest wlan no problem, internet etc works.
I try to RDP connection to my friend laptop which is windows 10 computer ,from Guest Wlan cant RDP to external.
I I use network cable connect my laptop then I can RDP to my Friend laptop.

Internal Cable connectionRDPmy friend  laptop =WORKS!
Guest-WLANRDPmy friend laptop =NOT WORKING!

Do I need a rule under Guest-WLAN?
Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on  Server 2008R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS17.0.2 MR-2, to SFOS 1706 MR-6. After the update, Sophos log reported that email had been delivered from the Sophos to Exchange, but was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server, and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), System Log reports "Fail to send mail: Cannot connect to mail server, when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?
Unable to find solution for event ID 5038 on Windows Server 2008 Enterprise, Service Pack 2. Event details as below. The file path mentioned in the event details is pertains to Sophos Antivirus program.

Event ID Details:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name:      \Device\HarddiskVolume1\Windows\System32\drivers\savonaccess.sys      

Please advice solution to the above event ID to stop and resolve. - Pritesh Parikh - (Email:

Whats the best way to check/pull the config from a Sophos XG210 firewall.
Inherited a new client with a Sophos appliance.  The UTM 9 so far seems to be a great device.  That being said, I am trying to turn off filtering for a specific endpoint.  Even though it is in the "allow access", when I am on that endpoint it still get re-directed to a webpage hosted on the appliance and is expecting to want some sort of authentication.  Are there good tutorials on how to manage Sophos?






Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Top Experts In