Tag Archives: Sophos

by

Sophos XG Site-to-Site VPN with Other FW Failed

Seems the method of using certificate-based connection won’t work with non-Sophos firewall.
I had to switch to shared-phrase in order to make it work.
Not sure if that problem is due to old firmware/device on the other side or is it compliance issue.

However, I had to go on the VPN settings on both firewalls and make sure all settings at both sides are exactly the same.
Finally, I decided to switch back to pre-shared key instead of the certificate-based authentication between the two appliances.
The moment I set the key on the initiator, the tunle immediatly came up.

HTH some1,,,

by

ADFS With Sophos XG Firewall

It’s basically simple process.
You may even use the Exchange ready-made firewall publishing policy as base for this one.
This is for SFOS 17.X

So, let’ move on:

1.      I assume you already have the SSL certificate installed properly on the XG box.

2.      Need to add the ADFS server to have a name under "Hosts andServices"

3.      Create new "Web Server" entry and use the host you added in step 1

4.      Create new protection policy with these settings:

a.       Set “Mode” to “Monitor”. You may use “Reject” if you’re concerned.

b.      Enable “Block clients with bad reputation”.

c.       Enable “Common threat filter”.

5.      Create new business rule with these settings:

a.       Hosted address “#Port2” assuming it’s the WAN port.

b.      Enable “HTTPS”.

c.       Select the SSL certificate, and add the URL under “Domains”.
For example “adfs.as7ablog.com”.

d.      Under “protected server(s)” select the ADFS server.

e.       Select the “Any IPv4” under “Access permission”.

f.        Select the protection policy you’ve created on step 4.

g.      Select the intrusion prevention policy if you like to.

h.      Enable "Pass host header"

by

XG Virtual Firewall on KVM and Openstack ERROR firstboot failed

Yep, no much result on the web about this subject.

I don’t know what the cause, nor why Sophos didn’t take it seriously.

Anyway, if you’ve downloaded version 16 of Sophos XG virtual appliance for KVM and you got the nice error message of

firstboot failed: swapon /dev/swap

But, if you know and sure you’ve done everything right and as per Sophos documents, then most likely you have the same issue we run through.

For some unclear reason we were able to solve this by having the Hyper-V version of the same appliance and run it on KVM platform :)

Our team members are testing it now on OpenStack with our service provider to make sure of the compliance.

HTH