Hi
From time to time our firewall (not Sophos firewall) detects more false positives than I like. Today I found this entry in my firewall log:
"msg="Gateway Anti-Virus Alert: ConvertAd.AFU (Adware) blocked." src=13.33.76.208:80:X1 dst=192.168.110.40"
192.168.110.40 is the IP of my Sophos SEC server. I expect the server 13.33.76.208 to be one of the servers my SEC server downloads Sophos updates from?
I am looking for a DNS entry I can use in my firewall to exclude traffic between my SEC and the Sophos infrastructure from anti-virus check in the firewall – e.g. download.sophos.com. At the same time, I will (in my firewall) block traffic from my SEC to all other external IP addresses.
In this way the SEC server can communicate only with the Sophos infrastructure and this traffic will not be interrupted by the firewall.
That means I need a DNS entry that will include all IP addresses used for communication between my SEC and Sophos infrastructure.
What is the DNS entry used for Sophos updates? (updates.sophos.com? download.sophos.com?)
PS: It would be nice to know the address used by my PCs for the "Secondary Server" as well. In my C:\programdata\Sophos\AutoUpdate\Config\iconn.cfg it is listed as http://es-web.sophos.com/update/ but this server doesn't have a DNS entry.
Thanks in advance.
BR Harald