I'm getting thousands of these a day, most times (99.99%) with internal sources, sometimes with an external source.
Firmware is 17.1.3 MR3
I saw that KB article yesterday, but since I never used a version pre 17.x the notifications are enabled for all devices at our customers. The screenshots above are from a customer with 4 employees, we are talking about a network with 26 devices.
Gruß / Regards,
Kevin
Sophos CE/CA (XG+UTM), Gold Partner
The KBA is pointing to the fact of invalid traffic after V17.0 - not pre V17.0.
Checked all my appliances, none of these are showing those alerts. But I use a timeout value of 24 hours.
Just wanted to point out that I don't know that issue on my other XG appliances. Since I had another problem with that device I wanted to do a firmware downgrade, which resulted in losing most of its configuration. I configured the same rules and IPS configuration on 17.0.9 and until now (2 days) everything is OK, not a single "Reset outside window"...
Gruß / Regards,
Kevin
Sophos CE/CA (XG+UTM), Gold Partner
Hi,
After upgrading to firmware 17.1.3 MR-3, I got the same issue as above. IPS shows many records related to TCP connections. I scanned all the related devices for viruses but didn't find anything. The most affected OSes are iOS and macOS. I feel annoyed about this issue. How can I fix it?
Best Regards,
Hi Nghia NT
Apologies for this inconvenience.
FloSupport said: If you (or any other community users) are affected by this issue, please raise a support case and PM me with your case ID for further investigation.
I am currently following up on this issue with our support team.
Regards,
To update our community,
This is being investigated under the issue ID: NC-39687
We will be publishing more information shortly, please stay tuned.
Regards,
Hello, after I solved some of the IPS errors with the update 17.1.3, I still have the message "Reset outside Window" in the log on some appliances.
After a few tests of the configuration and a comparison of the rules, I noticed this point in the CLI.
On the left side I do not receive the message in the IPS log. On the right, already 7k today.
The difference would be "Detect_Anomalies" and "TCP_Block".
Is this just information or a value that you can edit? And if so, how? I would like to test it with a smaller appliance on which I also get this error.
And just for information: the 2 appliances have completely the same configuration, and both are each behind an SG with an identical configuration as well.
Would be great if someone has an idea about it. Then I could test this.
Thanks and best regards
best regards,
Pascal
IT-SECURITY CONSULTANT
Certified Architect - XG | UTM | MOBILE
I thought so too.
I tried it with "set ips_conf update key DETECT_ANOMALIES value no". The IPS then restarts and reports "successfully updated".
Unfortunately, the value of "show" remains the same.
It was just an idea, because it is different on the one appliance which receives no IPS messages, and these values are not even present in version 17.0.6.
Thanks in advance and best regards
Pascal
best regards,
Pascal
IT-SECURITY CONSULTANT
Certified Architect - XG | UTM | MOBILE
You took the wrong path. Do not use update and ips_conf. Instead use ips.
console> set ips tcp_option detect_anomalies disable