Sophos

228

Solutions

408

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Share tech news, updates, or what's on your mind.

Sign up to Post

Hi all,

We have a VPN tunnel between two Sophos firewalls.

Location A = 10.102.0.0/24, 192.168.99.0/24 (VLAN99)
Location B = 10.102.1.0/24

The VPN tunnel is UP and communication between the main networks is working properly.

From site B, however, the DMZ network (VLAN99) in site A is only limited reachable.


From Site B -> I can ping the gateway (192.168.99.1) but the Printer (192.168.99.14) is not reachable. I should say only the gateway is reachable everything else can't be reached through the VPN tunnel from side b.

I have attached a screenshot of the VPN tunnel configuration of both sites.

Thanks in advance.
connection-between-site-a-and-b.png
0
Cloud Class® Course: Ruby Fundamentals
LVL 12
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

I have a couple of machines that are not able to browse to HTTP sites at a remote site where that I have established a PPTP VPN to that site (via the OS). I can ping the respective IP address fine however HTTP browsing does not work. I am of great suspicion that this is something in our Sophos UTM as I can browse to the HTTP sites on my laptop via cellular connection fine (effectively bypassing the Sophos UTM).

I am not using 'use default gateway on remote network' yet I am unable to packet capture (in the Sophos UTM) any traffic going via the PPTP VPN to the remote site.

I've worked with Sophos UTMs (ex Cyberoam) for a number of years now and I cannot see anything obvious where anything would be being blocked or dropped. Everything is open. Nothing has been modified recently that would prevent this, and it only stopped in the last few months (yes I've been slack).

Has anyone experienced similar issues?
0
I have a Sophos Firewall at home(Version 9.5) .I created a Guest WLAN access. I connect Guest wlan no problem, internet etc works.
I try to RDP connection to my friend laptop which is windows 10 computer ,from Guest Wlan cant RDP to external.
I I use network cable connect my laptop then I can RDP to my Friend laptop.

Internal Cable connectionRDPmy friend  laptop =WORKS!
Guest-WLANRDPmy friend laptop =NOT WORKING!


Do I need a rule under Guest-WLAN?
0
Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on  Server 2008R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS17.0.2 MR-2, to SFOS 1706 MR-6. After the update, Sophos log reported that email had been delivered from the Sophos to Exchange, but was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server, and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), System Log reports "Fail to send mail: Cannot connect to mail server servername.domainname.com:25, when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?
0
Unable to find solution for event ID 5038 on Windows Server 2008 Enterprise, Service Pack 2. Event details as below. The file path mentioned in the event details is pertains to Sophos Antivirus program.

Event ID Details:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name:      \Device\HarddiskVolume1\Windows\System32\drivers\savonaccess.sys      

Please advice solution to the above event ID to stop and resolve. - Pritesh Parikh - (Email: Pritesh_net@yahoo.com).
0
Hi

Whats the best way to check/pull the config from a Sophos XG210 firewall.
0
Inherited a new client with a Sophos appliance.  The UTM 9 so far seems to be a great device.  That being said, I am trying to turn off filtering for a specific endpoint.  Even though it is in the "allow access", when I am on that endpoint it still get re-directed to a webpage hosted on the appliance and is expecting to want some sort of authentication.  Are there good tutorials on how to manage Sophos?
0
We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and our backup system.
Fortunately, he was not connected to the company network, so the files were only locked in his laptop.
Free ransomware removal tool from TrendMicro, and someone else did not work.

1. What is the best removal tool?

I am looking into Sophos. They have Enterprise Malware Removal Tool that can take care of Ransomware. We use their anti-virus software, so theirs caught my eye.

2. What is the best backup strategy?

I had a IT admin friend, and his system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people backup a couple of terabyte data these days. Tape systems were used in the past, and each day manually or automatically different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that Ransomware can go into other resources in the same LAN. Then I need a backup system that can backup multiple generations (like daily), and they need to be completely …
0
Hi all,

I'm looking for a bit of help getting started with my HP 1820-24g switch .

my network plan :

sophos router eth1(lan 192.168.0.1/24) and i configured the sophos router so : new interface eth4 (192.168.2.1/24) mit VLAN ID :10 function.

i also sophos router configured dhcp scopes for 192.168.2.100- to 200

so i connected sophos eth4 lan cable  -->switch port 1


so i have the native vlan 1, and  vlan 10(port 1-10 tagged) for lan  on the router.

my problem are:
1. if i change sophos interface(eth4)  Vlan funtion to only ethernet and i connect my laptop port 7 then get my laptop IP from sophos router dhcp server.

2.if i change sophos inteface (eth4) only Vlan fuction (vlan 10),then my laptop gets no ip from sophos dhcp server.

any idea and help?
Thank you
0
For the patch of the chip vulnerability, can I just download the patch from microsoft and install it on all servers and workstations rather than use windows update?  I have a couple servers and 20 workstations.  Also, I noticed that you have to be careful with antivirus because of a registry entry.  Can someone help me out with this issue, I use SOPHOS antivirus and the link below details what they are doing to work with the MS patch.  I think it says that SOPHOS works with the patch but I am not entirely sure.  Better safe than sorry.  Here is the link:    https://community.sophos.com/kb/en-us/128053
0
Cloud Class® Course: CompTIA Cloud+
LVL 12
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Hi All,
We have two sites linked via BT routers and each site has its own UTM and fail over simple diagram below.

WAN                                         WAN
  |                                              |
Router                                     Router
  |                                               |
UTM                                         UTM
  |                                               |
Lan - Router -WAN - Router - LAN

So we have a site link and two sites with Primary/DR with fail over routers

The primary site UTM has IP : 194.72.126.66 GW : 194.72.126.65
The primary sites internet works fine

The secondary DR site UTm has IP : 194.74.139.67 GW : 194.72.126.65
I cannot get out to the internet from this UTM

BT have said there is no issue with the routers and the failover is working on the routers.   Below is the information BT have provided me concerning the IP address allocation.

I have recently taken over this position and I'm under the impression this has never worked any ideas why the second UTM at the DR site cannot get  onto the internet?

Regards

John H

194.72.126.64 255.255.255.224
194.72.126.74<<used on primary router
194.72.126.75<<used on V1 router
194.72.126.65<< HSRP standby address and the gateway for you to point to from both devices
 
194.74.139.64 255.255.255.240
194.74.139.66<<< used on primary
194.74.139.67<<used on V1
194.74.139.65<<< HSRP standby address and the gateway for you to point to…
0
Hi

Were looking at this in detail.  Would like to audit and monitor data that is being driven by users, so services and apps they are using, and what they are sending via email in particular.
Tried exchange online DLP - pants.
Mimecast DLP - pants
Sophos DLP - seems ok, but not great.

Anything else out there?

Thanks
0
I have a server with a Hyper-V role and virtual machines and a firewall sophos installed.

I would like to create a rule in which when a client (out of the internal network) want to connect to remote connection then this user need to transfer to a specific virtual machine (not to the host server).

How to create this rule?
0
Dear Wizards, can we have some solutions (Open source) to setup networking environment for startup (small) company. We knew some things like:
- Firewall/Router: Sophos XG Home, pfSense
- Storage: FreeNAS, XPenology
- PC: Ubuntu, OpenOfficce

How about the Switch? Is there any Open Source ISO file that we can use to simulate the Switch (let's say Cisco :))

Many thanks!
0
Hi Experts,
I have a Sophos Firewall and want to use at home. I got some Information that if i use it at home then i Need Home-use license.
how can i get homelicense for it? I look at Sophos web site but i did not understand how is?

Thank you so much and Regards
0
Hello Experts,
I want to learn VLAN configrations on HP Procurve Switches. I Need your suggestions about  which HP Switch models ,is best for beginning. I will buy Switches on eBay.
I have a Sophos UTM 220 Hardware Firewall at my Network.

1.do i Need to buy layer 2 or layer 3 Switches?
2.which HP model can help VLAN configuration?

Thanks
0
I am creating a new network and each machine we would like to install Norton AV but all laptops has Bitdefender on it and my question is:

1 - Can I use Bitdefender for my network? or Norton is better?

2 - Any advice on Sophos end point?


Can you please kindly advice?

Best regards,
Mallony
0
Set-up issues


I will preface this by saying I had a UTM120 for three years with the UTM9 OS and right now thinking boy I miss those days.  I was told that my appliance was nearing end-of-life so to renew licensing I went with the XG115.  I had configured UTM9 on my own and generated help desk cases if issues arose.  This appliance is quite a bit different.  Firmware XG115 (SFOS 17.0.0 GA) so on the latest firmware.

What I am trying to resolve right now is that any type of web surfing is extremely painful.  I have an on-premise Exchange server so port 443 is being forwarded to it but I also have the default network rule of WAN to LAN all ports and all services are open.  I have a similar network rule that WAN to LAN port 443 is open thinking of other workstations that initiate SSL traffic it will find its way back to the device that initiated the traffic.  Let's face it.  Most web sites are https.  I am constantly being warned that the certificate cannot be verified and I have to click to still access the site or create an exception for the site depending on the browser.  I cannot log in using an account to any web site.  Some sites I can't even create the exception in Firefox.  I can't use the StartPage search engine.  Amazon looks like crap.  No pictures and just a bunch of links.

A little bit on the network.  Uverse gateway goes to a Cisco ASA appliance that I consider my perimeter (and why not have another layer of defense !).  The XG is in bridge mode.  For a …
0
What are the differences between Sophos XG and Sophos UTM? Do we have an iso file of Sophos XG? Many thanks!
0
Introducing Cloud Class® training courses
LVL 12
Introducing Cloud Class® training courses

Tech changes fast. You can learn faster. That’s why we’re bringing professional training courses to Experts Exchange. With a subscription, you can access all the Cloud Class® courses to expand your education, prep for certifications, and get top-notch instructions.

I've recently installed Sophos XG230 UTMs on two campuses. Now our Sharp copiers could no longer scan to email.

They SMTP through a gmail account.

I know the user email and password are correct but we get a Error [3332]:  Authentication type not supported.
 
When tested with 'no authentication' connection to SMTP server is fine.

Whilst testing I have allowed all outbound traffic.

Any help would be greatly appreciated.
0
Dear Experts, we have 1000 users located at multiple sites.
- The Headquarter office includes 400 users, has Cisco Router 3925, not yet Firewall.
- Site A includes 200 users, has Sophos Firewall.
- Each of Site B, C, D, E has 100 users, only has Modem Internet, not yet Firewall

In Headquarter, the AD server (Win Server 2012R2) is ready but we are not sure about the method to join domain for ALL users. We have several questions as below:

1. MPLS-VPN leasdline and VPN connection, which one is better in terms of performance and cost?

2. In case we choose VPN connection, should we choose Site-to-Site VPN or Remote-Access VPN, and why? Which devices should we buy?

3. As my understanding, in VPN connection, the users who connected will use the Internet connection from VPN server, is it right? If so, will the VPN connection is suitable for 1000 users?

4. For the Domain diagram, which model should we use for high performance and availability? We intend to install Addition DC in Headquarter and RODC in each site? Is it okay?

5. In Headquarter, all servers are VM and we have Veeam 9.5 to backup, but in sites servers are physical. Which backup software is the best for physical AD machines?  
0
I am looking for any software appliance for Sophos XG.

I need it for make practice with Sophos firewall.
0
I need a firewall for branch office with 8 users and may go up to 12 in the next year or two. Most of the resources are in Head Office (HO) and has Sophos XG firewall. Remote users use Sophos SSL VPN client individually on their computer and RDP access to connect to HO. Now the requirement is to replace SSL VPN client and establish a site-to-site VPN and join all the remote computers to the DC in HO. I was looking at Sophos XG 115 for the branch office.

Would like to get some expert advise on Sophos XG 115 device for branch office or if there are any other better alternative available for site-to-site VPN? Also trying to keep the cost to minimum.
0
Sites hosted on godaddys secureserver.net are inaccessible from our main external ip address.  I called our firewall support at sophos and they said that the sites in question are not responding to our tcp handshake and this is why we cant connect. Sophos says I needed to call godaddy and see why they are blocking our ip address. I called them but they said our ip is not blocked and there is nothing they can do for us.  Im not sure what to do next.  Any ideas?
0
Hi,

We have been asked to setup mandatory TLS by one of our customers, for all incoming and outgoing mail to their domain.

We run Exchange 2010 servers, Sophos Email Appliance, and we also use a cloud based spam filter.
All incoming and outgoing email goes through the Sophos smarthost, also incoming mail hits the spam filter first then is passed to Sophos.  Outgoing mail doesn't go through the spam filter.

I've researched and think I know how to configure TLS on Exchange, Sophos, and our spam filter.

Will I need to configure TLS on Exchange for the send and receive connector?
Exchange isn't externally facing, so I am assuming the self-signed certificate will work for TLS with our internal smarthost?   The smarthost is externally facing so it will need a public cert and configuring for TLS.

I had a thought that maybe for incoming email I wouldn't need to configure TLS on our internal Exchange, but I could be wrong?

Thanks in advance.
0

Sophos

228

Solutions

408

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

Top Experts In
Sophos
<
Monthly
>