I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
This is new to me. But as far as I can see, this seems to be the same type as invalid traffic on XG.
https://community.sophos.com/kb/en-us/131754
Try to increase the Timeout value and keep an eye on those alerts.
Open up a Support Case to get an "official" answer to it.
__________________________________________________________________________________________________________________
Thanks for the reply. I'll give the timeout change a try. I am getting more of these showing now. All are TCP related. The connections appear to be to CDNs.
I saw that KB article yesterday, but since I never used a version pre 17.x the notifications are enabled for all devices at our customers. The screenshots above are from a customer with 4 employees, we are talking about a network with 26 devices.
Gruß / Regards,
Kevin
Sophos CE/CA (XG+UTM), Gold Partner
The KBA is pointing out the fact of invalid traffic after V17.0 - not pre V17.0.
Checked all my appliances, none of these are showing those alerts. But I use a timeout value of 24 hours.
__________________________________________________________________________________________________________________
Just wanted to point out that I don't know that issue on my other XG appliances. Since I had another problem with that device I wanted to do a firmware downgrade, which resulted in losing most of its configuration. I configured the same rules and IPS configuration on 17.0.9 and until now (2 days) everything is OK, not a single "Reset outside window"...
Gruß / Regards,
Kevin
Sophos CE/CA (XG+UTM), Gold Partner
We are getting thousands of these per day as well. I suspect it was affecting functionality on some of the sites our users visit. They were complaining of intermittent time-outs. Support was able to change IPS to "detect" versus "drop" somehow in the CLI even though IPS was disabled on the rules in question. He seemed to realize quickly it was a known issue and escalated my case after grabbing some logs. v17.1.3 MR-3