I have noticed that the IPS and Application seem to not be working; there is nothing listed in the logs of IPS and Application for the past week, no activity.
I have tried nmap to try and trigger the rules of the IDS and tried some of the applications…
Hello NG,
We are using a Sophos SF SW/Virtual TotalProtect. For some days we have some problems with downloading PDF using Adobe Acrobat Reader.
(Foxit Reader works fine)
In the IPS section we had "critical" and major "selected". The downloads are…
Please check the attached screenshots. It's related to a bug/drawback in Sophos.
Go to IPS Policies > Select a policy and click Add
Try to search for "Malware"
You will get "1807" results and you want to select all of them
If you click the name…
Here are some logs of IPS signatures being blocked or detected. I'd like to allow them.
How is one supposed to find which signature is actually being tripped?
Date / Time Signatures Drop username LocalIP :TCP(54850) RemoteIP :TCP(8080) 20 Date / Time…
Hi
How can I disable the following entries in attacksreport?
ICMP Ping ICMP Echo Reply ICMP Destination Unreachable Host Unreachable
Why does anybody at Sophos think this is an attack?
Hi,
Is anybody facing the issue after the 6th May 2016 IPS definitions upgrade from 3.12.71 to 3.12.72?
We are not able to open banking websites, or other government websites which contain a login page.
If you have a workaround, please share with us as soon as…
Uh, the problem seems to have fixed itself. All the erroneous "IPv4 broadcast" packet drops have stopped.
It seems to coincide with the outside interface (I'm in bridge mode) bouncing because the upstream router was restarted.
The last bad message…
Hi... same problem here... as a side effect, my virtual machines running on my MacBook (VMware Fusion or VirtualBox) cannot obtain an IP address via DHCP if they have a NIC bridged to AirPort Wi-Fi...
((--)) = wifi
<--> = cable
guest vm nic in bridge…
How do you disable snort_decoder rules? Like this:
They don't show up in the Signature lists.
I know how to disable Individual Signatures, but the decoder don't show up. I've even disabled the entire Misc category and it does not disable these…
The IPS continuously logs the detection of an ICMP ('host unreachable') whose source is the firewall itself, marking it as a reconnaissance attack. The ICMP is originated because of a host in one zone that tries to contact a switched-off host in another…
Hi!
I'm trying to figure out why XG installation refuses LAN clients to make RDP or SSH connection to WAN servers.
Whenever I try such a connection, the packet sniffer first logs a correct connection request (dest. port 3389, for example) originating…
I think you should alternatively consider storing the non-modifiable built-in rules as templates rather than non-modifiable rules, and that way they can be stored (taking up the minimal-bloat megabytes of space) and be available as baselines to admins…
I'm wondering how the modifiable IPS policies relate to the non-modifiable policies and what the recommendations are for using them. The first six seem clear enough (DMZ TO LAN, LAN TO WAN, etc.), assuming you have these standard zones set up, and I assume…
I think this is a false positive as the number of 'attacks' is pretty low and it is going to two AWS IP addresses. How do I determine if this really is a false positive and fix this?
Thanks!
I am having an issue with my Voice VLAN traffic apparently getting dropped in the IPS logs at least according to what I am seeing? How do I prevent this traffic from being dropped? I have the static route in place.
2016-02-08 14:09:05
…
Hi!
Does anyone know if I can completely disable IPS for LAN->VPN traffic? I'm running a network monitoring tool which pings a few dozen hosts inside my LAN and the XG somehow identifies this as a network attack / intrusion, resulting in about 1000 "reconnaissance…