Does this generate an alert in your Sophos for a LAN-WAN preset IPS policy?
Is there any other way to test if it's working? In my case it is not generating any alert, and it should.
I have everything properly configured; it is not the first time I've dealt with an IPS (Suricata/Snort) or Sophos XG.
I am not familiar with this page. How does it actually test your IPS?
Those sorts of alerts appear to have been broken since MR-4.
In reply to LuCar Toni:
It's like an EICAR test for AV, but for an IPS/IDS.
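A way to check that such a test page actually reached the sensor, as an added example that is not from this thread or from Sophos: fetch the test page through the sensor, then look in the sensor's alert log for the expected signature instead of trusting the GUI. It assumes a Suricata sensor writing EVE JSON (the SELKS/EveBox setup mentioned later in the thread) and a test page whose HTTP response body contains `uid=0(root)`, which the Emerging Threats rule "GPL ATTACK_RESPONSE id check returned root" (sid 2100498) is written to match; the SID, the rule text and the sample log lines below are assumptions and constructed data, to be checked against the rule set actually loaded on the sensor.

```python
import json

# Added example, not from the thread or from Sophos. Assumes a Suricata sensor writing
# EVE JSON and a test page whose response body contains "uid=0(root)". The vendor SID
# 2100498 and the rule text are what I expect from the public ET rule set (assumption).

# Hypothetical local rule a practitioner could add to local.rules so the self-test
# does not depend on a vendor rule being enabled in the loaded policy.
TEST_RULE = (
    'alert http any any -> any any ('
    'msg:"IDS self-test: id check returned root"; '
    'flow:established,to_client; '
    'content:"uid=0|28|root|29|"; '
    'classtype:bad-unknown; sid:9000001; rev:1;)'
)

# Either the vendor rule or the local rule firing proves the sensor saw the traffic.
EXPECTED_SIDS = {2100498, 9000001}

# Constructed EVE JSON lines standing in for /var/log/suricata/eve.json.
SAMPLE_EVE = [
    '{"timestamp":"2021-03-01T10:00:00.000000+0000","event_type":"http",'
    '"src_ip":"192.168.1.10","dest_ip":"203.0.113.5","http":{"hostname":"example.test","url":"/"}}',
    '{"timestamp":"2021-03-01T10:00:00.100000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.5","dest_ip":"192.168.1.10","proto":"TCP",'
    '"alert":{"action":"allowed","gid":1,"signature_id":2100498,"rev":7,'
    '"signature":"GPL ATTACK_RESPONSE id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    '{"timestamp":"2021-03-01T10:00:00.100000+0000","event_type":"alert",'
    '"src_ip":"203.0.113.5","dest_ip":"192.168.1.10","proto":"TCP",'
    '"alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,'
    '"signature":"IDS self-test: id check returned root","category":"Potentially Bad Traffic","severity":2}}',
    'not json at all',
]


def parse_alerts(eve_lines):
    """Yield alert records from EVE JSON lines; skips other event types and junk lines."""
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial write or unrelated noise in the log
        if rec.get("event_type") == "alert" and "alert" in rec:
            yield rec


def verify_self_test(eve_lines, expected_sids=EXPECTED_SIDS, client_ip=None):
    """Report whether the self-test signatures fired and whether they were dropped.

    Returns a dict with:
      alerted - at least one expected signature fired
      blocked - at least one of those alerts carries action "blocked", i.e. the
                sensor is really in IPS (drop) mode rather than IDS (alert-only) mode
      sids    - sorted signature IDs observed
    """
    hits = []
    for rec in parse_alerts(eve_lines):
        sid = rec["alert"].get("signature_id")
        if sid not in expected_sids:
            continue
        # Optionally pin the check to the host that made the test request.
        if client_ip and client_ip not in (rec.get("src_ip"), rec.get("dest_ip")):
            continue
        hits.append(rec)
    return {
        "alerted": bool(hits),
        "blocked": any(h["alert"].get("action") == "blocked" for h in hits),
        "sids": sorted({h["alert"]["signature_id"] for h in hits}),
    }


if __name__ == "__main__":
    # With a live sensor: fetch the test page through it (e.g. with curl), then pass
    # open("/var/log/suricata/eve.json") instead of SAMPLE_EVE.
    print(verify_self_test(SAMPLE_EVE, client_ip="192.168.1.10"))
```

The distinction between `alerted` and `blocked` is the one that matters for an IPS policy: a signature that fires with action `allowed` means the rule is loaded but the policy is in alert-only mode, which is a different problem from the signature not firing at all.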
In reply to rfcat_vk:
I wonder how many things are still broken and need to be fixed.
The firewall side of XG is quite limited in features and options available to configure vs. the competition, and the security aspect is a mess; it looks like a poor implementation of the Snort engine.
I already moved to Pi-hole as DNS forwarder since the one in Sophos is so limited, and probably I will end up doing something similar with the IDS/IPS and will move to SELKS (Suricata+ELK) https://www.stamus-networks.com/open-source/ or plain Suricata with EveBox.
NGFW, lol, maybe in v19.
In reply to l0rdraiden:
Could you list out what you mean by the XG being "limited in features and options available to configure" and how "the security aspect is a mess, it looks like a poor implementation of the snort engine"?
It helps to have structured information regarding these kinds of things, because if it is something that needs to be actioned it needs to be looked into as soon as possible.
In reply to EmileBelcourt:
Have you ever used a Fortigate or a Palo Alto? Even the firewall part of pfSense is stronger. Where to start...
For example, this simple rule can't be configured: forward all traffic from any IP in the LAN with destination port 53 to this internal IP.
For example, it doesn't support DNSSEC, DoT or DoH.
Notifications (not the ultra-basic thing we have now).
I can't load blacklists of DNSBL or IPs.
The Sophos Ideas forum is full of basic things not implemented.
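The LAN-to-internal-resolver rule described in the post above, written out as an added example in nftables syntax (not XG configuration and not from the thread); the interface name `lan0`, the LAN subnet `192.168.1.0/24` and the resolver address `192.168.1.53` are assumed values.

```nft
# Added example: redirect all LAN DNS traffic (TCP and UDP port 53) to an internal
# resolver such as the Pi-hole mentioned in the thread. Assumed values: LAN interface
# lan0, LAN subnet 192.168.1.0/24, resolver at 192.168.1.53. Load with: nft -f <file>
table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;

        # Do not loop the resolver's own upstream queries back to itself.
        ip saddr 192.168.1.53 return

        iifname "lan0" ip saddr 192.168.1.0/24 udp dport 53 dnat to 192.168.1.53
        iifname "lan0" ip saddr 192.168.1.0/24 tcp dport 53 dnat to 192.168.1.53
    }

    chain postrouting {
        type nat hook postrouting priority 100; policy accept;

        # Only needed when the resolver is on the same LAN segment as the clients:
        # without it the resolver answers the client directly from its own address,
        # the client never sees a reply from the address it queried, and the lookup
        # times out.
        oifname "lan0" ip saddr 192.168.1.0/24 ip daddr 192.168.1.53 udp dport 53 masquerade
        oifname "lan0" ip saddr 192.168.1.0/24 ip daddr 192.168.1.53 tcp dport 53 masquerade
    }
}
```

The `return` for the resolver's own traffic is the part people usually forget: without it the resolver's forwarded queries to its upstream are DNAT'd back to itself, and resolution silently breaks.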
I see some of your points, and I have used a Palo Alto/Fortigate, well, mainly to displace them.
If you're willing to delve further into why you think the XG is a security risk/lacklustre security appliance, it would help Sophos with what they're doing.
I have already posted most of my requests in Sophos Ideas years ago, but from an infosec engineer's perspective I miss them here.
Without this, Sophos won't have a position to hold with any customer that has a CISO and a security team behind them.
I have seen the roadmap and it looks promising, but none of these features will be available.