
  • Custom IPS Signatures

    Hi everyone, unfortunately I was not able to find a proper answer to this anywhere. I want to create custom IPS signatures specifically for known bad hosts, so I will receive a mail alert via the notification system. My current settings for one such…
  • IPS CVE-2021-26855 default action to allow

    Hi, how come the default action for the IPS is to allow CVE-2021-26855 when detected? Both signature IDs 2305106 and 2305107 are set to allow packet.
  • IPS Inbound SIP Trying blocked

    Default IPS rule has defined: PROTOCOL-VOIP inbound 100 Trying message 20404 protocol-voip 1 - Critical Windows, Linux, Unix... Server Drop packet Thus the following is received: 2021-03-09 14:33:02IPSmessageid="07002" log_type="IDP" log_component…
  • IPS Signature ID links to CVE or other additional information

    Hi there. We're seeing some IPS alerts with SID number 1170419080 - "SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow". How can I find more information about this? On Sophos UTM I can look up the Snort ID and the alert email usually contains…
  • IDS rule for NMAP or other scanners

    Hello Community! Do we have IDS signatures for port scanners like NMAP? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while scanning some services, etc. Also, can someone explain to me what source and destination mean…
  • IPS Policy Between 2 Trusted Networks

    Hello everybody, I have a question. I would like to know whether an IPS policy is logical between two trustworthy networks (VPN client and internal LAN)? Or do I not need to use an IPS policy in this case? Thanks
  • Alert ID 7002

    Hi Team, I am getting more than 80 mails on a daily basis. Can someone tell me how I can resolve this issue? Device XG230 Alert ID: 7002 Message: OS-WINDOWS Microsoft Windows SMB Server SMBv1 CVE-2017-0147 Information Disclosure
  • XG 550 performance slow, high "Sessions" amount

    We have an XG 550 rev. 2 configured with 2 different internet connections and a 10 gig fiber card for the LAN port. We have been experiencing DDOS attacks which we have an external service mitigating. What we have found is that at certain times during…
  • IPS signature warnings streaming Amazon Prime Video

    Hi folks, I have been streaming Amazon Prime Video for a while and still encountering issues with IPS. Any device streaming video from Amazon is put under a firewall rule having IPS enabled. Sometimes I am getting a lot of warnings of the IPS module…
  • Sophos XG v18 Custom IPS signatures - multiple content values

    Dear Sophos team and users, we're actually trying to add multiple content values to a custom IPS signature rule, like it's indicated in the manual, but when we are saving, a warning pops up to say that the rule isn't valid. Example: content:"manager…
  • RED60 VLAN bridged - blocked because of invalid traffic IP SPOOF

    Hello, we have set this up for a remote location: So the same VLAN ID on both sides: behind XG and behind RED, same IP subnet. Bridge members, same zone: This is already in production and working. The RED60 users can work on internal resources…
  • IPS with webproxy/MTA/WAF

    Hi all, I'm testing XG firewall as a home user now in a side role (proxy) before putting it in as a router. I now have v18.0.3. I could not find answers to the question below. If IPS (Application Control) is configured in a FW policy, does it work for: …
  • IPS for CVE-2020-16898 / CVE-2020-16899

    Hi, about Sophos IPS and the recently hyped CVE Ping of death / bad neighbor: Snort has detections for the attack on CVE-2020-16898 / CVE-2020-16899. Those are: https://www.snort.org/rule_docs/1-55984 https://www.snort.org/rule_docs/1-55993 There…
  • IPS false positive with Xbox One X

    Not sure where else to post this but I got an IPS alert yesterday that is coming from my Xbox One X. Not exactly sure what caused it. I turned on my Xbox One X for the first time in a few months, downloaded some system updates as well as some game updates…
  • Is Sophos IPS able to detect CVE-2020-1472 based attacks?

    CVE-2020-1472 Zerologon is about to go into the wild. Is XG able to detect those logon attacks with IPS?
  • Best Practice for RED Tunnel firewall rules and routes?

    I've been using XG and UTM for a while now and have used RED a few times, but I've got a dedicated server now in the cloud and I installed XG on it for my edge firewall. I set up a RED tunnel from my XG to that XG, but I had a Windows 2019 VM running on the…
  • IPS problem with youtube site

    I am facing a problem with the IPS service: when stopping it everything is going well; when starting it, youtube.com can't resolve and doesn't open, and I can't even ping it, while at the same time I can open any other site. The only change I made to IPS was that I changed…
  • utf8 filename transfer attempt - what does it mean ?

    Firewall blocked an email. I do not understand why. Log: 2018-10-20 14:30:19IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype="Drop" ips_policy="" ips_policy_id="7" fw_rule_id="71" user="" sig_id="12597" message="SERVER-OTHER…
  • Logs for DDOS blocked attack

    Dear All, I have configured a DoS policy and I can see the packets dropped by the DDoS protection, but where can I see the logs? I tried to find them in the IPS, System, and Firewall logs but had no luck. Please help.
  • IPS blocks Apple TV movie trailers

    Hello, so far I have always had the problem that the movie trailers on my Apple TV (Gen. 3) would not always play. Now and then it worked for a movie, and then again it didn't. So, by my estimate, about 90% of the movie trailers I could…
  • SOPHOS XG or SG have IDS (Intrusion Detection System) or IPS only?

    I need to see if Sophos (XG or SG) meets some requirements, but I can't find information about IDS. Can someone tell me if Sophos (XG or SG) has IDS?
  • Security Configuration for Chrome OS

    Hi, we are planning for a big network (2500 Chrome OS users) and I am asking a simple question about IPS configuration for the Chrome OS policies. There is no specific IPS signature for Chrome OS in the XG firewall IPS (I didn't find one on another…
  • IPS action "Bypass Session" making confusion

    Dear All, there is an action in the IPS policy, "Bypass Session", and as per the documents: "Bypass Session - Allows the entire session if it detects any traffic that matches the signature." The recommendation for the same is: "To save resources and avoid…
  • IPS Sophos XG DOS Protection

    IPS Sophos XG DoS Protection: What do you have set for your IPS / DoS protection? I have tried the standard limits and also increased them, and found traffic-related issues; not sure if I found any issues with the XG or found a sweet spot. Obviously different…
  • Question on Default Action for Intrusion Protection Rule

    I recently noticed some activity flagged as attacks on the XG Dashboard. Clicking on it indicated that the packets were allowed. I looked through the IPS policies to find the applicable rule, which was this one: Apple QuickTime traf Atom Out-Of-Bounds…