User computer using OpenDNS DNS and firewall keeps producing these alerts

Question

Keep receiving Sophos Critical Notification Alerts emails for Intrusion Prevention Alerts 
 
 We use OpenDNS DNS Host Servers as our primary dns and secondary dns. All these alerts are all outbound traffic from desktop computers to OpenDNS DNS Host Servers with IPv4 208.67.222.222. This is a snapshot of the Sophos XG330 Firewall Log Viewer.

cromwell uy · Answer

Thank you guys for providing your insights and opinions to these matters. I did create a new firewall for OpenDNS after my communication with OpenDNS technical support. Based on them, these are all valid inbound traffic to their OpenDNS DNS hosts 208.67.220.222 and 208.67.222.220. 
 I also asked for their recommended firewall rules for their services and here are the url links provided to me: 
 
 https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-1 
 https://docs.umbrella.com/deployment-umbrella/docs/2-prerequisites-update 
 
 I then created a firewall rule for OpenDNS with the recommend TCP and UDP protocols. Seems to be all working and no more of never ending cycles of False-Positive IPS Notification Alerts.

FYI: I did try enabling Web Proxy and it did also works. However based with my understanding, DPI is newer and better way of security features for web services. 
 Reference To Techvids: https://techvids.sophos.com/watch/uCC7QqkYcTJtLiBMNhZV32