
Sophos Web Appliance SMBv1 Dependency.

Hi,

I would like to ask:

Would there be any development in Sophos Web Appliance that supports SMBv2 or above?

A friend of mine disabled SMBv1 (in response to the Wanna Ransomware), and now the Active Directory integration no longer works.

They are also aware of this KB.

https://community.sophos.com/kb/en-us/126757

 

Thanks,

tech



  • We are in the process of upgrading the SMB/AD integration components on the Web Appliance and will be publishing an update to the product as soon as that work is complete and fully tested. This will allow the SWA to connect to AD services that have disabled SMBv1.

    We hope to do this before the end of July.

  • This SMBv1 dependency is puzzling me.

    We have disabled SMBv1 at the very moment SMBv2 appeared (hear me cough) more than 10 years ago ... It was not because of WannaCry. It was because everyone knew already then SMBv1 was a security nonsense. Heck, we knew this was as such well before 2000 ... And if we compound SMBv2 was due, very late, and already outdated when it was released ...

    Sophos knows SMB v3 (knowing 3.0 is actually 2.2) is at its fourth iteration ?

    Jesus help us !!!

    Paul Jr Robitaille

  • Ok ...

    No Sophos fix on the horizon.

    Would it be possible to at least publish a guide to harden networks (assuming a hypothetical basic and simple network) as much as possible in such a regrettable situation?

    What needs to have SMBv1 re-enabled ?
         Domain controllers ?
         File servers ?
         Database Servers ?
         Desktops ?
         Anything that accesses Sophos Firewall ?
         Anything that accesses Sophos WEB gateway proxies ?
         Exchange servers with or without PureMessage ?

    What Windows Firewall rules can we push (via GPO or not) to have such a nonsense limited as much as possible?
         Inbound rules ?
              On which machine ?
                   DCs, Desktops, anything else ?
         Outbound rules ?
              On which machine ?
                   DC, Desktops, anything else ?

    A starting point here. Scroll down to the third post from M. Andy Pan.
    https://social.technet.microsoft.com/Forums/en-US/6cdee681-7f92-4562-be36-539f458fda58/firewall-rules-to-allow-smb1-to-specific-ip-addresses?forum=winserverNIS

  • Rollout of v4.3.3, with SMB v2 support, started this week. We are rolling it out gradually to customers over the next few weeks.

  • I've noted that already 2 days ago.

    Gradually meaning randomly, or meaning Sophos targets particular hardware or OVA first?


  • All our SWA releases are published to appliances in stages, with each stage making the release available to larger groups of customers. Group selection is pretty much random, although we generally use the same groupings across a number of releases.

  • 4.3.3 installed on both of our WEB Gateways. Authentication to domain still fails.

    Same errors including "No Netlogon" share found. Worry not, the share is there ...

    Any firewall rules to set up on DCs and Desktops to make 4.3.3 work?

  • I have just shut down the firewall on all of my DCs to test connection. Same errors.

  • Can you please enable Remote Assistance and we'll connect to your SWA to investigate.

  • Done. Both appliances are enabled for support. Case open. Support can reach me by phone anytime tonight and tomorrow.