We'd love to hear about it! Click here to go to the product suggestion community
I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.Firmware is 17.1.3 MR3
In reply to Pascal G:
Basically you can change those values.
Simply replace show with set and try to "doubletab" through the config.
In reply to LuCar Toni:
I thought so too.
I tried it with "set ips_conf update key DETECT_ANOMALIES value no". The IPS then restarts and reports "successfully updated".Unfortunately, the value of "show" remains the same.
Would have been just such an idea because it is on the one appliance which receives no IPS messages just different and these values are not even present in the version 17.0.6
Thanks in advance and best regards
You took the wrong path. Do not use update and ips_conf. Instead use ips.
console> set ips tcp_option detect_anomalies disable
Ahhh thanks :) It had tried so because it was not displayed to me with tab as an option.
But that actually seems to cause it. After the change no "Reset outside window" messages in the IPS log.
Now set up your own IPS rules for existing firewall rules and then that's ok.
Thank you and best regards
solution in the KB article ;)
To be clear, this is a temporary workaround, not a solution.
In reply to ken9000:
This issue is scheduled to be fixed with the upcoming SFOS v17.1.4 MR-4 maintenance release.
In reply to FloSupport:
For sure - I only wanted to clarify the temp adjustment is only that, a temp adjustment. Will we have to un-do that temp adjustment after updating to the new maintenance release?
Nope, no further actions should be needed after upgrading.
SFOS v17.1.4 MR4 released and can retrieve from MySophoshttps://community.sophos.com/products/xg-firewall/b/xg-blog/posts/sfos-17-1-4-mr4-released
Still have this issue for v17.5 and v17.1.4 MR4. I had to disable detect_anomalies on console. Isnt this issue was going to be fixed in 17.1.4 MR4?
In reply to Emir Şener:
Yes, this option should be disabled by default on v17.1.4 MR-4 moving forward.
Was your issue resolved after manually disabling it via the console command? Or is it still persisting?
Issue resolved after manually disabling it, not with the v17.1.4 MR-4 update.
Not sure if this thread moved to a different thread or not, but I am getting this issue.
OS:SFOS 17.5.1 MR-1
I have not manually disabled it via the console.
Is there an updated KB article for this issue?
In reply to LucasAlexander:
This KB article is the current status for this issue.
Could you please verify if the setting is disabled by default in your console?