Just upgraded my HA pair from 17.06 MR-6 to 17.08 MR-8 and now I am being flooded with syslog messages about every site visited as having a virus. I have had to uncheck the "Scan HTTP" and "Decrypt & Scan HTTPS" options from all my firewall rules to stop the barrage of messages. I have tried restarting the Web Proxy, Anti-Virus, and IPS services on the firewall, but that did not help any.
Any suggestions or am I looking at a phone call to Sophos support?
Try with another system; otherwise it is recommended to book a call with the Sophos team and share the output in the community as well.
I have the exact same problem on an XG135 which I explained there: https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/103333/all-http-traffic-blocked-unable-to-update-firmware-or-paterns
I gave a call to Sophos Support; they have had access to the firewall since the 11th of June and I still have no follow-up.
Pretty much I was getting the following. Hundreds of sites being detected as malware every minute.
Just got off the phone with Sophos Support. It looks like there is an issue with the Sophos anti-virus scanning engine. We changed it from Sophos to Avira and the issues went away.
It's not a fix, but a workaround. They also recommended a reboot of the firewall during a maintenance window to see if that helps at all.
In reply to CityLee's Summit:
Yes I already noticed that replacing the scan engine from Sophos to Avira stopped the bug. But as you said it's not a fix but a workaround.
I'm still waiting for them to call me back with a final fix.
I already rebooted the firewall which has the issue and downgraded the firmware to MR6 and the problem is still present in my case.
In reply to VikenNajarian:
I had toyed with the idea of downgrading. Good to know that rebooting or downgrading doesn't fix the issue. I have an HA pair, and I may switch to the other unit to see if the problem exists in that unit as well.
I forgot to mention that Support was escalating the issue to their Engineers, so we will see what happens.
In my case the firewall which has the issue is unable to check for new firmware or new pattern updates from the GUI. Do you have the same issue too?
I just gave both (firmware and pattern updates) a try and they were successful.
OK, so we don't really have the same issue, because on this firewall I'm unable to check for firmware or pattern updates anymore.