Here in this article we will configure Sophos XG firewall accordingly to prevent DOS attack to the internal network. Before going to configure DOS configuration in Sophos XG firewall, let us understand what is DOS and DDOS attacks then we will understand how to prevent that type of attack using Sophos XG firewall. What Are DOS And DDOS Attacks? Denial […]
Here in this article we will understand how to resolve the issue when we are unable to enable HA after replacing old XG with new XG. You can reproduce the issue by following the below steps: Reproducing The Issue: Suppose think like you have three firewalls A, B and C. Here A is acting a primary firewall, B is auxiliary […]
Overview: Here in this article we will discuss how to set MSS value in IPSEC connection. After making the below changes all the traffic which is passing through IPSEC connection will use new MSS value. Suppose here scenario is there is site to site IPSEC VPN between XG firewall A and XG firewall B. XG firewall A network—192.168.1.0/24 XG firewall […]
Issue: User UTM firewall is configured in high availability, he is trying to upgrade the firmware by leaving firewall in high availability mode. User observed slave node of the firewall stuck in up2date when updating the firmware. Here is the screenshot of high availability status Resolution: Now from the above screenshot we can understand master node has upgraded its firmware […]
Issue Description: User is connected to corporate LAN network through sophos connect client VPN. User home network range is “172.16.16.16/24” and corporate LAN network is also using the same range “172.16.16.16/24“. So if user connected through sophos connect client VPN is pinging any corporate LAN IP address, request will not pass through sophos connect client VPN tunnel instead request will […]
Issue: Here in this article we will discuss how to sort out the issue when sophos access points behind red are not able to connect to sophos XG firewall configured in standard or transparent split mode. Troubleshooting: When we are configuring RED interface in standard split mode or transparent split mode only the traffic destined to networks mentioned in split […]
Sometimes firewall module IPS will block some legitimate traffic as malicious traffic which results in blocking of some legitimate traffic. Here in this article we will configure how to create IPS signature exception in sophos XG firewall for specific traffic false positive traffic. NOTE: Many users will have confusion how to identify whether the traffic is malicious or legitimate. The […]
Issue: Here in this article we will discuss how to troubleshoot the issue when one of the IPSEC SA’s remains inactive. We can refer this article when some SA’s are established and some SA’s are down. Troubleshooting: In the above image, we can notice security association between “192.168.80.0/24” and “192.168.64.0/20” is down and security association between “192.168.1.0/24” and “192.168.64.0/20” is […]
Here in this article we will understand what is sender policy framework (SPF) and then we will discuss how to implement SPF protection in sophos XG firewall to protect spoofed and spam emails Overview Of SPF: Sender Policy Framework (SPF) is an email authentication technique that helps protect email senders and recipients from spam, spoofing and phishing. It defines a […]
Issue: Here in this article we will discuss how to resolve this error “service unavailable error” in sophos connect VPN as shown in the below image Cause: When users click on disconnect or shutdown the PC, sophos connect main service strong swan stuck in an infinite loop. This results in GUI not getting response and shows the error as “Service […]