
Zero Attacks from January 13th

Hi All,

We have migrated our Cyberoam to XG 135 recently. We have had logs of network attacks blocked in the Sophos console till January 13th, and after that, till today, zero network attacks.

This is a bit confusing to me as we were blocking many/day before that date, and all of a sudden the log is showing zero attacks prevented. Surely, I don't like to see any attacks, but I want to know whether there are no attacks or something is not working in my firewall.

I have double-checked: IPS policy is enabled on all the rules,

IPS module is enabled and working on the firewall,

IPS signature updates are up to date.


Current Firmware is SFOS 17.5.9 MR-9

 

| Pattern | Current version | Available version | Last successful update | Status |
|---|---|---|---|---|
| AP Firmware | 11.0.009 | - | 06:24:00, Oct 30 2019 | Success |
| ATP | 1.0.0282 | - | 08:39:30, Feb 10 2020 | Success |
| Avira AV | 1.0.406078 | - | 23:14:51, Feb 15 2020 | Success |
| Authentication Clients | 1.0.0019 | - | 19:09:49, Dec 16 2019 | Success |
| IPS and Application signatures | 9.16.77 | - | 13:15:09, Feb 15 2020 | Success |
| Sophos Connect Clients | 1.4.001 | - | 14:32:34, Oct 24 2019 | Success |
| RED Firmware | 2.0.018 | - | 06:23:43, Oct 30 2019 | Success |
| Sophos AV | 1.0.15237 | - | 23:15:07, Feb 15 2020 | Success |
| SSLVPN Clients | 1.0.007 | - | 13:13:38, Jan 07 2019 | Success |
| WAF | 1.0.0006 | - | 13:13:37, Jan 07 2019 | Success |

Client AV was Symantec Endpoint Protection, and we are in the process of changing them to Sophos Endpoint Client with EDR.

I have taken the support call and the support technician is saying that the network attacks are nil.

Below is my last month's intrusion attacks log.

Have any of you had such issues before? How did you rectify them?

Please give me a solution.



  • Hi,

    If there is no new attack detected by the IPS engine, it will not display the same on the dashboard or in the logs or reports.

    Please go to the IPS module in Log viewer and check.

    Please also let us know why you suspect that there are attacks but they are not getting detected by Sophos XG firewall. Do you have any other reports or data which can point to the same?

    Please make sure that you have enabled the "Log Firewall" in the firewall rule. Please also check the article - https://community.sophos.com/kb/en-us/123183

    Regards,

    Keyur
    Community Support Engineer | Sophos Support

  • @Keyur

    All settings seem to be fine here.

    All firewall rules enabled with IPS and logged firewall traffic.

    As I said, XG was blocking a couple of attacks to my email server, which is behind the firewall, and to a few desktops every day.

    All these stopped in a day, making me suspicious as I haven't done any remediation action on the network yet.

    Regards,

    suman
