Sophos XG Firewall - Anyone Using?

577
2
11-20-2020 12:34 PM
danbecker
Regular Contributor

We recently switched to a Sophos XG Firewall and are having tons of issues with simple "port forwarding" to our ArcGIS Enterprise base deployment. We've worked with Sophos Support - professional services for hours and it's a mystery why users cannot download offline areas using Collector.

Firewall rules are properly configured, all security/packet inspection is disabled, ect. and the download still fails. It appears that the ESRI basemap download does not traverse our firewall, but after authentication, goes directly from ESRI's basemap service to the Collector Client. Something with this download is causing an issue with our XG Firewall.

As soon as we switch to our former firewall platform, pfSense all works as expected, no problems.

I guess I'm just wanting to hear from the GIS community if anyone is using XG Firewall out there.

0 Kudos
2 Replies
VickyS
by
Occasional Contributor

Hi Dan

We are having issues getting Collector Classic to login & sync via a Sophos XG Firewall. Which version of the app are you using? It would just be useful to know if anyone has it working.

I'm not sure I can help with the base map problem . We sideload TPK's to the devices at the moment.

Thank you

Vicky

0 Kudos
danbecker
Regular Contributor

We ended up getting everything working, it was a DNS issue for us. We had a DNS host record added that resolves all traffic for external.domain.com to the web adaptor LAN IP. You HAVE to check the "reverse DNS" option on that rule. Like magic, map downloads and syncs started working.