
How to set up Network attack protection

Hello All,

I am a newbie to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I no longer see any attacks.

I have activated IPS Protection, currently with 1 firewall rule using IPS (the malware backdoor blocking), and both Active Threat Response feeds, MDR and X-Ops, are active as well. Both with Log and Drop. Still I do not see any entries in the dashboard, logs or any reports.

I created the Malware Backdoor rule, following one of the YouTube videos from "Sophos XG Firewall || Complete Tutorial || Hands-on LABS from Noor Networks".

I have more or less the same needs as Hau Lin describes in his 6-year-old post "I need help with XG Configuration for my home network", but the screenshots JesseB is referring to in his answer are just small icons, and when I click them, I'm told I do not have permission to view this directory or page.

Now, it might be that my new XG firewall is actually protecting me against network attacks, just by activating IPS, MDR and X-Ops without any further rules than the standard, but in that case I do not see any result of this, and consequently do not feel safe.

I have the same insecure feeling relating to intrusion prevention, of which my old UTM9 stopped quite a few, as none shows up in the logs or reports.

I hope to find out how to set up my XG so my network is as secure as I felt it was with the UTM9, and I have been thinking about putting my UTM9 back in operation, just as the second in line from the XG, before my switch and all the computers behind it. At least until I feel certain the new XG is doing just as well.

I know the XG is far more advanced than the UTM9, and I hope to one day get to a point where I can enjoy that, but for the moment I hope some of you experts can help me, by explaining the simple things, or pointing me to descriptions / videos that go through the basic setup needs, to have the XG perform the same protection as I felt I had with the UTM9.

And just for the record: It is the free evaluate version, active to 12.31.2999, running on a Lenovo M82, Intel i5 with 8 GB RAM. It is not registered with Sophos Central. I tried to, even got a Sophos Central username, but when trying to log on, I realized I need some kind of app on my phone to allow access, and I never found out which it is.

Best regards

Soren



Edited TAGs
[edited by: Raphael Alganes at 3:29 PM (GMT -7) on 18 Jun 2024]