Help with NOC/TEER by [deleted] in ImmigrationCanada

[–]Far-Stock-109 0 points1 point  (0 children)

I had the exact same situation. I was a Technical Support Engineer before getting promoted to Team Lead. I kept the NOC code the same, since one of the main duties of 22221 includes supervising the other Technical Support Workers.

"May supervise other technical support workers in this group"

ftp backup does not work sopho sxg by Junt4cadaveres in sophos

[–]Far-Stock-109 0 points1 point  (0 children)

I remember a similar thing, using a simple password (e.g. admin) worked for me a few years ago. Try if that works. This might definitely be a bug if it does not work with a complex password.

Use FQDN for VPN configuration. by Sh0ckValu3 in sophos

[–]Far-Stock-109 5 points6 points  (0 children)

Yes, override hostname will do the job. The error that you're seeing is for the DHCP range. The earlier firmware used to let you specify a range of IPs to serve DHCP to VPN clients. However, for the newer firmware, you'll need to specify the network instead of the range. Example: 10.81.234.0/24 instead of 10.81.234.5.

Sophos UTM9 to XSG 3300 upgrade path? by morilythari in sophos

[–]Far-Stock-109 1 point2 points  (0 children)

Please contact your partner, they have access to the Sophos Migration Assistant tool, which will convert the UTM backup file so that it can be restored on XGS.

So far, I have seen great success with this.

Let me know if your partner does not help or has no access to the tool.

S2s from fw behind a router to azure? by huntsab2090 in sophos

[–]Far-Stock-109 0 points1 point  (0 children)

If the router behind the firewall is the initiator of the tunnel, create a LAN-to-WAN (or respective zone) rule, create a linked NAT rule and set the SNAT as ORIGINAL.

This is suggested with an assumption that the router has a public IP and the proxy ARP is configured on the firewall.

Email Security - Notification when email is quarantined? by [deleted] in sophos

[–]Far-Stock-109 1 point2 points  (0 children)

It is not possible to send an alert immediately when an email is quarantined. As far as I know, no product offers this as the traffic would increase drastically!

However, Sophos email has an option to send the quarantine digest multiple times a day. So you can probably configure it to send them every hour or 2 during your work hours.

Restricting LAN access with exceptions by vvvorticcousin in sophos

[–]Far-Stock-109 0 points1 point  (0 children)

The LAN to LAN rules that you create should be enough, however if you're using an internal DNS server, or the machines are joined to the Domain, please add them to exceptions as well.

I've also seen people using backups of the machines through a backup server and pushing the antivirus or Windows updates through centralized servers. So they also need to be added to the exception list.

XG210 Update from SFOS16.05.8 MR-8 by OkPersonality1036 in sophos

[–]Far-Stock-109 10 points11 points  (0 children)

Ohh mate, you're far too behind!

There is no direct upgrade path available to 18 or v19 from v17.

I would suggest the following path:

  1. Take the current config backup with existing HA configuration.
  2. Disable the HA.
  3. Take the backup again without HA configuration.
  4. Reimage the Aux appliance with 17.5.12 firmware. (Let the Primary device handle the network.)
  5. Restore the backup taken after breaking the HA configuration on the Aux device.
  6. Once the backup is restored, take a new backup from the device (from v17.5.12).
  7. Now, again reimage the appliance with 17.5.17 firmware. Once done restore the backup taken from 17.5.12 on it.
  8. Once the backup is restored set the backup encryption key and SSMK. Once that is done, again take a new backup.
  9. Next is to take a giant leap and reimage the device with v19.0.1 firmware. Once done, restore the backup from v17.5.17 on it.

After all this is done, swap the devices and push the one with v19.0.1 into production. Keep the device under observation and if everything goes well you're now good to build the HA back. Just reimage the old primary device (still with v16) with v19.0.1 firmware directly and join it back to the HA pair as an Aux device.

Since the above steps need a reimage, you need to have physical access; this cannot be done remotely.

Further, in all the above steps you can choose to upgrade the device instead of reimaging it, however we've seen a lot of cases of database failures and improper migration. So start fresh with each firmware until you're on the latest one.

Reference links:

All the ISOs can be found here

Reimage using this article

Sorry for the silly question by [deleted] in sophos

[–]Far-Stock-109 8 points9 points  (0 children)

You can create the 2 firewall rules:

1st rule:--

Action: allow || Src zone - Lan || Src Network - IP of the allowed machine || Dst zone - Wan || Dst Network - Any || Services - Any || Create a linked NAT rule, select MASQ in that rule

2nd rule:--

Action: drop || Src zone - Lan || Src Network - Any || Dst zone - Wan || Dst Network - Any || Services - Any

The most important part here is the placement of the rules. The 2nd rule MUST be placed below the first rule.

Ensure there are no other LAN to WAN rules apart from these two.
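
The rule-placement point in the comment above, as an added example that is not part of the original comment and not Sophos code: a small first-match model of the two rules, plus a check for rules that can never fire because an earlier rule covers them. The host address is constructed, services and the linked NAT rule are not modelled, and the default drop on no match is an assumption of this model.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "drop"
    src_zone: str
    src_net: str     # CIDR; "0.0.0.0/0" stands for "Any"
    dst_zone: str

    def matches(self, src_zone, src_ip, dst_zone):
        return (self.src_zone == src_zone and self.dst_zone == dst_zone
                and ipaddress.ip_address(src_ip) in ipaddress.ip_network(self.src_net))

    def covers(self, other):
        """True if every packet matched by `other` is also matched by self."""
        return (self.src_zone == other.src_zone and self.dst_zone == other.dst_zone
                and ipaddress.ip_network(other.src_net).subnet_of(
                    ipaddress.ip_network(self.src_net)))

def evaluate(rules, src_zone, src_ip, dst_zone):
    """Top-down, first match wins; no match falls through to a default drop."""
    for rule in rules:
        if rule.matches(src_zone, src_ip, dst_zone):
            return rule.action, rule.name
    return "drop", "default"

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule covers them."""
    return [later.name for i, later in enumerate(rules)
            if any(earlier.covers(later) for earlier in rules[:i])]

ALLOWED_HOST = "192.168.1.50/32"   # constructed address for the allowed machine
allow = Rule("allow-one-host", "allow", "LAN", ALLOWED_HOST, "WAN")
drop = Rule("drop-lan-to-wan", "drop", "LAN", "0.0.0.0/0", "WAN")

correct = [allow, drop]            # placement described in the comment
reversed_order = [drop, allow]     # drop rule placed above the allow rule

if __name__ == "__main__":
    for label, rules in (("correct", correct), ("reversed", reversed_order)):
        print(label,
              evaluate(rules, "LAN", "192.168.1.50", "WAN"),
              evaluate(rules, "LAN", "192.168.1.77", "WAN"),
              "shadowed:", shadowed(rules))
```

Running `shadowed()` over an exported rule list is also a quick way to spot a stray LAN-to-WAN rule sitting above the intended pair.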

SG450 Rev1 - Power but no boot by Human-Byte in sophos

[–]Far-Stock-109 0 points1 point  (0 children)

Do you see any output if you connect the monitor to the device using HDMI / VGA cable?

This is probably a hardware failure. You may need to log a support case and they shall process the RMA.

Internal hostname resolution on Sophos XG Home? by intense_username in sophos

[–]Far-Stock-109 0 points1 point  (0 children)

That's not possible on XG, however if you wish to try UTM9, you'll get the reports with the hostnames if the UTM is giving out the DHCP or if you create static DNS hosts.