  • IPS policy for site-to-site VPN

    What IPS policy should I use in the Lan to Lan rule? (vpn site to site) Thanks
  • office 2013 recovery blocked

    We have a problem with the online recover of 2013. I tracked the problem down to the Application filter. We have an application filter applied to the firewall rule that allows several types of applications, including microsoft office and click2run…
  • Zero-day protection prevents completion of a download

    - user is downloading an (executable) file (iCloud drive online) - download is starting in Edge -> download failed -> try again - download is starting in Edge -> download failed again - now a "sdpending.htm" is downloading (no it is not open in Browser…
  • Application list cross check?

    How do I check a URL against an application list? Not possible to test like a web category? e.g. https://f.c2r.ts.cdn.office.net/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/Office/Data/16.0.16130.20644/stream.x86.de-de.dat I know it's Office Updates but…
  • ATP Event XGS

    Hello, we have the message "an attempt to communicate with a botnet or command and control server has been detected sophos xgs". This message occurred simultaneously on 2 firewalls at 2 different locations. What further measures are recommended here…
  • Sandstorm and Zero-Day Protection - Manual File Uploads and Support (XG Firewall)

    Hello everyone, We asked this question to a Sophos rep, and we did not get a straight answer, so I figured that I would ask it here. On the UTM-9 firewalls, we had a Sandstorm license which allowed us to upload files manually. Now that we are moving to…
  • Attack brute force SMTP

    Dear friends! We have identified some brute force attack attempts on our email server. We carry out some ips blocks and also for some countries however some attacks come from countries that we have a relationship with so they cannot be blocked by the…
  • Sophos Firewall blocking root DNS servers as Psiphon Proxy when using Unbound w/ AdGuard Home DNS

    When my at-home DNS server which is running Unbound with Adguard Home DNS contacts the root DNS servers, the root servers are detected as psiphon proxy by the firewall. I do not have any Psiphon proxy app on any of my devices. Is this a false…
  • Clearing Zero-Day Protection log

    Running SFOS 19.5.2 MR-2 on an XG310. In the Zero-day protection section of the Control Center, it shows 0 Recent, 274 Incidents, 330 Scanned. When I click on that, it goes to the Zero-day protection logs, and I get two pages containing a total of 38…
  • ZERO DAY ALERT

    There are a number of zero day security alerts on my Sophos firewall tab coming from Chrome Installer. Any help would be appreciated! - The machine learning analysis and sandbox analysis shows no signs of bad intention and the overall file hash shows…
  • what are the possibilities of xg home firewall with limited hardware [THREAT PROTECTION, TLS INSPECTION]

    what traffic can be handled in version 4 core, 6Gb RAM in relation to IPS/IDS
  • Allowed whatsapp only

    I'm using Sophos XG210 (SFOS 18.5.4 MR-4-Build418). How to create policy for client using only whatsapp
  • Attempt to communicate with a botnet is detected - My threat hunting thus far

    Hi everyone, So like a lot of others here I've experienced where we get the notification that an attempt to communicate with a botnet or command and control server has been detected. And it's always these same three sites: As you can see…
  • Application Control change request via support case

    Hi, some users of us are using a business website that has an Application (not Web) categorization as Vulnerabilities (besides others) for some years now. It's just when you even call the start page, that the firewall blocks request. That causes me…
  • Application Filter stuck on loading Sophos xg 19

    whenever i open a rule the application filter stuck on loading i restarted it but seems weird to me.. any fix?
  • Block Port Scanning and Public IP

    Hello, I have a sophos xg can you share a way to block public IP from scanning for open ports and also how can you blacklist an IP address.
  • Rules to allow access remotely with ANYDESK (lan to wan)

    Hi all, I need to allow anydesk for some administrators (lan to wan). I made this config below but it doesn't work! Where's the problem? Source zones=LAN Source networks and devices=any During scheduled time=all the time Destination zones…
  • Sophos Firewall App control without Endpoint Agent?

    We have a customer who uses Sophos Firewall (SFOS 19.5) but has a third party antivirus tool. So no Endpoint Agent and no Intercept X is installed on the client PCs. Does it make sense at all to use App control in the Firewall Rules in this scenario…
  • Blocking Tiktok

    Hi I am using XG-115 FW. What is the easiest way to block TikTok? Read number of articles published in the community and noticed that different people are talking different methods. I am confused. Hence looking for a simple answer with simple instructions…
  • Veeam B&R 12 issue

    Hi all, Upgraded customers to Veeam Backup and Replication to version 12, and started seeing these on the backup copy jobs, for the remote repositories: 03-04-2023 14:29:31 :: Processing Error: An unknown error occurred while processing the certificate…
  • Application filter keeps getting overwritten

    Hello. After importing some firewall rules from another XGS3300 running 19.5.0 over the weekend, each morning I'm coming in to find that we can't access the internet. When I check the application filter for "Block high risk (Risk Level 4 and 5) apps"…
  • ATP alert

    Hello am getting this alert sara-tabuk.no-ip.biz as an ATP threat can you assist?
  • Signature Sinkhole

    Firmware version 17.0 has this signature but firmware versions 18.5, 19.0, and 19.5 do not have this signature. Can anyone who has firewall firmware version 19.5.1 search in IPS policies for this signature and reply to me with a captured image, please? Thanks in…
  • How to block ChatGPT website and app

    I'm having a hard time blocking ChatGPT and can't even find it in application control. Please help, thank you!
  • Block XVPN servers

    Good morning We have an end customer (a school) where students use iPads. It turns out that there are several students who have caught the bad habit of getting IPs from proxy servers thanks to the XVPN application. They do not use it on the iPads, but…