  • Intrusion prevention alert (Critical)

    Hello, I have this alert today: intrusion prevention alert, but I don't know how to check or to diagnose this
  • IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code

    I have many IPS reports of this type: "IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code". I don't understand if these attempts are effectively blocked. Then, in general, do you have any recommendations to mitigate this vulnerability?
  • Firewall XGS 116 Enable to configure some rules

    Good morning, I have a problem regarding the configuration of certain rules at the Sophos Firewall level. It is impossible for the local partner to filter me on all smartphones connected to the network, a ban on all applications except Microsoft applications…
  • What is the benefit of IPS, Zero-Day Protection, ATP and web filtering without deep packet inspection on TLS sessions

    Stupid question, I know, but honestly: what is the benefit of the Xstream protection when you decide not to break TLS sessions at all (besides mail filtering)? Will someone earn any higher protection level with all these features activated without breaking…
  • Microsoft Teams Call Disconnecting often

    Dear all, We are having XG450 Firewall in High Availability and we have the latest firmware installed... We are facing Microsoft Teams call is disconnecting intermittently under our Sophos XG450 Firewall. I tried all the following settings for the…
  • Using Application Filtering Lists for Web Policies

    Hello @all, regarding https://community.sophos.com/sophos-xg-firewall/b/blog/posts/generative-ai-policy-enforcement-with-sophos-firewall is there any way to use the new application category for the web policies? Application filtering only allowing allow…
  • XGS ATP Alert (No Host Name or Threat)

    Today our XGS started reporting ATP sources blocked without a Host Name, IP, or Threat. There is also no information under Monitor & Analyze > Reports > Network & Threats: Advanced Threat Protection. How do I go about tracing down the issue? …
  • IPS update pattern drop packets

    Hi, we have a SFOS 19.5.3 MR-3-Build652 and since few weeks, when the IPS update the patterns, the Sophos firewall drops all the packets for 30s. It will never do that before. Is this a bug? Thanks. Regards,
  • Can we block chrome or any browser vpn extensions

    want to block browser based extension vpn
  • Allow FB Two-Factor Authentication Only

    Our company allowed Facebook Messenger as messaging app but we are having a hard time to allow page of Facebook two-factor authentication page without allowing the whole Facebook website.
  • Bypassed SOPHOS

    1. I created a Decryption profile name DELETE and choose reject on compression and all other option. certificate error block all algorithm and authentication all block block action reject. 2. Applied to my device IP as source network to WAN all…
  • Application Control Policy and User

    We have active application control at a customer. Different application rules were created for this. For example, a rule in remote maintenance applications such as TeamViewer are allowed and a rule which allows file transfer services (e.g. Dropbox).…
  • Web Exploit Protection

    Is Exploit Protection, work out of the box? Now I find ‘Detect and prevent exploits (IPS)’. lantoWan- general policy which I’ve enabled. Is that the full extent of it, and a feature that works under the hood? Is there any solid information in XG, and…
  • Changing ATP Settings: "The operation will take time to complete. The status can be viewed from the "Log viewer" page"

    Whenever I click Apply in ATP, I can see the spinning circle and after some time the message "The operation will take time to complete. The status can be viewed from the "Log viewer" page". It does not matter if I change something, add hosts or whatever…
  • Branch site not connecting to share point and one drive

    Good day, I have a Sophos firewall XG 310 V 19.01. The firewall is at the HQ, and there are MPLS sites connecting to the head office. We are using Microsoft 365. The problem is, we are failing to open Sharepoint and Onedrive from the MPLS sites. But…
  • Identify and control applications (App control)

    I'm having an issue with the Sophos Application Control in regards to TikTok. Yesterday I read several Sophos articles regarding this and it seems like I am beating a dead horse. At first, I hoped that an application filter would block. Apparently this…
  • IPS rule LAN-LAN

    Hi everyone, I have two firewalls connected by a dark fiber on a SFP port, the two main LAN networks are 192.168.1.0/24 (FW1) and 192.168.0.0/24 (FW2). In both firewalls there is a rule to allow all traffic between the two subnets, so the source and destination…
  • Built-In IPS policies: Differences?

    Because the online-help is pretty useless regarding this question: What is the difference between the policies on top and the last ones (in small letters)? What are better? Why double built-in?
  • IPS policy for site-to-site VPN

    What IPS policy should I use in the LAN to LAN rule? (VPN site to site) Thanks
  • office 2013 recovery blocked

    We have a problem with the online recover of 2013. I tracked the problem down to the Application filter. We have an application filter applied to the firewall rule that allows several type of applications, including Microsoft Office and click2run…
  • Zero-day protection prevents completion of a download

    - user is downloading an (executable) file (iCloud drive online) - download is starting in Edge -> download failed -> try again - download is starting in Edge -> download failed again - now a "sdpending.htm" is downloading (no it is not open in Browser…
  • Application list cross check?

    How do I check a URL against an application list? Not possible to test like a web category? e.g. https://f.c2r.ts.cdn.office.net/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/Office/Data/16.0.16130.20644/stream.x86.de-de.dat I know it's Office Updates but…
  • ATP Event XGS

    Hello, we have the message "an attempt to communicate with a botnet or command and control server has been detected sophos xgs". This message occurred simultaneously on 2 firewalls at 2 different locations. What further measures are recommended here…
  • Sandstorm and Zero-Day Protection - Manual File Uploads and Support (XG Firewall)

    Hello everyone, We asked this question to a Sophos rep, and we did not get a straight answer, so I figured that I would ask it here. On the UTM-9 firewalls, we had a Sandstorm license which allowed us to upload files manually. Now that we are moving to…
  • Attack brute force SMTP

    Dear friends! We have identified some brute force attack attempts on our email server. We carry out some IPS blocks and also for some countries; however, some attacks come from countries that we have a relationship with so they cannot be blocked by the…