
  • Unable to block Hotspot Shield and Betternet VPN

    Hi guys, I have been trying to block the hotspot shield and Betternet VPN. I have included them in the Applications Filter. I created a support ticket with Sophos and we were able to block the said applications by decrypting HTTPS using web proxy…
  • Deny logs as IP Spoof after New interface creation

    Hi friends, Some kind of error logs appeared after this integration detailed below. We have added AP as a new interface like below; AP is on 192.168.11.1, all features disabled. WAN connection is on PORT#4
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule?

    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing a few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IP being blocked, unable to perform cloud sync, etc., but it's not clear…
  • Can we talk about STUN traffic?

    I'm noticing that when I do reports or look at live connections, I see a lot of STUN traffic. And it's a LOT of traffic, which is puzzling in that I thought STUN was merely a tool to figure out how to get a direct connection when that would otherwise…
  • XGS High CPU Usage - Snort

    I have a cluster of XGS2300 firewalls that do not seem to offload traffic via "fastpath" as they should. Sometimes it works great, but other times it seems like it doesn't offload anything. CPU utilization sits around 40-50%. Currently the firewall…
  • SOPHOS XGS Application Control blocking nordVPN

    Hi, is there any option to block NordVPN? I wasn't able to find any option in the Application Control. For most shady VPN providers blocking options are available. We highly need to block any kind of shady VPNs, especially NordVPN! We are…
  • XG stops routing

    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
  • Google Play application control Sophos XG firewall

    Need to block the Google Play app via application control in Sophos XG firewall, as I couldn't find it in the application filter.
  • Remote VPN only to Domain Computers

    Is there a way to prevent home users from using the VPN client on their own devices? We would like to allow only Domain Computers or generate a certificate to restrict users' devices. Unfortunately, I don't have Sophos Central Intercept X to use Heartbeat status…
  • An attempt to communicate with a botnet or command and control server has been detected.

    Hi Everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
  • Enabling IPS for internal users?

    How do I enable IPS for the data coming in as a response to a client request? If I add IPS to the outbound Traffic to WAN rule, will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
  • most of LAN<->Server communication detected as "Torrent Clients P2P"

    We've replaced a SG by XGS 18.5 MR3 and there is now massive false positive detection of Torrent Client P2P traffic by application filter. Most firewall rules for internal traffic have the default Application filter applied: "Block high risk (Risk Level…
  • DDOS protection explained

    Can anyone explain what Sophos meant when designing this menu? My experience comes from FortiGate, where most options are logically ordered and described, but here I'm out of any. How should I interpret it? PIC 1 seems logical; Pic 2 SOPH…
  • IPS Alerts which I cannot get rid of

    I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
  • Understanding IPS Alerts

    I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…
  • How to View IPS Rule IDs included in Default IPS Rules?

    Having received a warning from Sophos regarding CVE-2022-22963, we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …
  • An attempt to communicate with a botnet or command and control server has been detected.

    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
  • Advanced Threat Protection research

    I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
  • Sophos XG as DDoS amplification server

    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    I need help with the following IPS log: FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. Thanks, Mizan
  • Sophos XG block telegram but i don't want

    Hi, I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes... I attached the last test I did; maybe I'm losing some configuration? thank yo…
  • Apple iCloud IMAP blocked as it was Torrent P2P

    Found a conversation here about the same problem 6 months ago, but I can't read a solution. My firewall is reporting a lot of Torrent P2P users in my network and blocks the application. At the same time users report that they can't read mail on iPhone…
  • Rejecting VPNs programs

    Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting. Thanks!
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do i do now?

    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
  • Auto-block an IP that triggers IPS?

    Looking to mitigate potential attackers in an efficient way. I get a weekly report that I review, and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…