UTM 9 shows "Botnet/command-and-control traffic detected" in Advanced Threat Protection.
When I select the threat, it takes me to the Advanced Threat Protection screen showing me the event, IP address, threat name, and destination, but no date.
How do I identify if this is a recent current threat or just an old one that needs to be cleared out?
This is for an SG430.
You should check Advanced Threat Protection and Firewall logs in the UTM. Please navigate to Logging & Reporting > View Log Files > Today's Log Files or check archived log files. You should also be able to see that in your Daily Executive report if you've configured one.
I guess my concern is that it appears that 'Management >> Notifications' has not been configured.
Please show a picture of what you're seeing in WebAdmin so that we can suggest a command-line approach that will simplify the search for the origin.
Cheers - Bob