Is there a service in Sophos XG that automatically blocks the ip of the client that is trying to brute force access a web server?
That is, if there is, what can be an effective way to prevent brute force attacks on, for example, an apache server that provides services on the internet?
You use WAF and IPS settings.
Is there any faq of KB how to create IPS rule. For example I need rule for blocking SMTP/IMAP login to mail server.
are you asking about external access to your mail server? Why if you want to block access to your mail server is it exposed to the internet?
You can use firewall rules rather than IPS signatures.
We host own mail server. Problem is that we re getting a lot of brute force attacks.
Is it a range of ip addresses or always the same. You can use dead end type rule that sends the traffic to a non existent IP address.