Good morning everybody!
I have many IPS alerts, is that normal?
And not all of the victims IP's are in my network!
I use LAN_TO_WAN standart IPS policy!
This thread was automatically locked due to age.
Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.
Good morning everybody!
I have many IPS alerts, is that normal?
And not all of the victims IP's are in my network!
I use LAN_TO_WAN standart IPS policy!
Hi Meghan,
Make sure you don't have the SSH and HTTPS access open for the WAN zone in Administration | Device Access. It is recommended to uncheck these access to the XG when it is not used.
Alongside, verify that the IPS patterns are up2date. This is also caused when you have hosted a server through DNAT and external attempts to access this servers are blocked by the XG.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Hi Meghan,
You may need to check the packet capture for the destination address in the intrusion list. You may find that your local host access some sites that have such vulnerability due to the outdated Web server. This does not indicate that your system is compromised and may need to investigate which URL or sites your host accessed and the reply from the server is logged by IPS policy.
Regards,
Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.
Hi Meghan,
You may need to check the packet capture for the destination address in the intrusion list. You may find that your local host access some sites that have such vulnerability due to the outdated Web server. This does not indicate that your system is compromised and may need to investigate which URL or sites your host accessed and the reply from the server is logged by IPS policy.
Regards,
Aditya Patel
Global Escalation Support Engineer | Sophos Technical Support
Knowledge Base | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'This helped me' link.