Hello everyone, Since yesterday, we have been experiencing a consistent IPS alert from our firewall (XGS Vers. SFOS 20.0.2 MR-2-Build378 ). The affected connection is between our email gateway/proxy in the DMZ and our mail server. Every 30 minutes…

hello, I got this intrusion attempt for the first time. just don't know what to do. I looked for any recent downloads and browsing history, and asked the user if he plugged any device to the computer but nothing suspicious found. this is a screenshot…

hello, Alert Message: Message: SERVER-WEBAPP Arcadyan Routers CVE-2021-20090 Path Traversal Attempt I got this Alert today, and the attacker is one of the company's computer, I read an article about this vulnerability…

Dear Member I hope this message finds you well. I am currently encountering a significant amount of network traffic related to the Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing alert. the firewall ais detecting and dropping…

I found https://community.sophos.com/sophos-xg-firewall/f/discussions/110856/default-ips-policies/397166?focus=true, didn't help. Sophos pre-packages some IPS policies by default. Without having to go through each of them with a fine toothed comb, is…

Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342. No problem in fresh setup on XGS2100 both desktop and mobile version on Viber. Thank…

Hi All Ive spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…

Hello, Im doing some POC to chose the best firewall that have a good NGIPS. The default IPS profile was not able to block Impacket, psexec or any other Windows RCE. How can i made the IPS policy more strict for a LAN to LAN policy.

We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-) The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…

Hello Community, one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts. On the SG firewall, I already tried adding an application block rule for…

hi, can you please show me a template for DOS best practices and proof protection

How to block applications such as advanced ip scanner from scanning the network? my product is sophos xgs 2300

We have XG210 with SFOS 19.5.4. I've noticed ips.log filling up /var partition till there is no free space on disk and it causes device to boot into fail-safe mode. Stopping IPS service stops log file from growing but when I restart IPS service, this…

Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But, To enable it for all the hosts there will be a lot of trusted MAC addresses so adding them manually is a time-consuming process. So I came across this article…

Hi Sophos community any solution for this issue. Message: SERVER-OTHER multiple products blacknurse ICMP denial of service attempt

Need help with this issue in sophos Message: SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow

In the Sophos Central Report Generator (IPS Report Template), there is a column for Log Subtype we noticed that most of the values are "drop" however there are a few rows with values "detect". Does this mean did Sophos IPS allowed this traffic? If ever…

For some time, we get the following IPS Log Messages: Example 1 2024-01-16 12:12:20 IPS messageid="06001" log_type="IDP" log_component="Anomaly" log_subtype="Detect" ips_policy="" ips_policy_id="0" fw_rule_id="140" fw_rule_name="x1" fw_rule_section…

Hi team I am getting this alert frequently from the firewall. please help me to resolve this

Hello, I have this alert today: intrusion prevention alert, but i don't know how to check or to diagnose this

I have many IPS reports of this type: "IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code " I don't understand if these attempts are effectively blocked, then in general do you have any recommendations to mitigate this vulnerability?

stupid question, I know, but honestly: what is the benefit of the Xstream protection when you decide not to break TLS sessions at all (besides mail filtering)? Will someone earn any higher protection level with all these features activated without breaking…

Is EXPloit Protection, work Out of the Box? Now I Find ‘ Detect and prevent exploits (IPS)’. lantoWan- general policy Which I’ve enabled. Is That the full extent of it, and A feature that Works under the Hood? Is There Any solid inFormation in XG, and…

Hi everyone, I have two firewalls connected by a dark fiber on a SFP port, the two main LAN networks are 192.168.1.0/24(FW1) and 192.168.0.0/24(FW2). In both firewalls there is a rule to allow all traffic between the two subnets, so the source and destination…

Because the online-help is pretty useless regarding this question: What is the difference between the policies on top and the last ones (in small letters)? What are better? Why double build-in?