Good day I have a challenge with blocking youtube. Initially the rule was working fine and all of the sudden users are able to access youtube. i can block other site but youtube keeps working. i have just upgraded the sophos firmware to SFOS 19…

There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March. How can I check if the mitigation is already working with Snort or IPS rules? https://gteltsc.vn/blog…

Dear Team, As we checked and tried to deny some adult-containing sites on Sophos firewall, with the help of a website, we were able to deny that website, but in the application category, we were not observing any adult-related application, so kindly check…

So I have IPS protection turned on as shown below: I know that the pattern is updating as shown below: So I have 2 questions. 1. Shouldn't the 'Time of signature update' change dates when IPS and Application signatures are updated? Mine doesn…

Hi, In lan network some user need wetranfer access but due to data privacy we dont give to share data upload access only download access so kindly give solution to resolve. model-XG210 version-18.5.4 Thanks Satya

Hi, Not sure if this is a cosmetic issue, or something that needs further investigation - the IPS signatures are being reported in one part of the GUI as being old, but yet updated in another screen. Here it's showing Aug 26th But in this…

We have noticed that connections are sometimes interrupted for a period of 5 minutes. It is then not possible to establish new connections (external / internal) via Sophos. This happens 1-2 times per day and always at a different time. I went through…

Hi, How do I report application traffic that is incorrectly identified - The below is being reported as personal network storage, when it's for iCloud private relay, and should therefore (I would ahve thought) be classified under proxy services…

Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…

Is it expected for Zero Day Protection to flag chrome updating on all my machines every couple of days? Is there a way to safely add this to an exception list to prevent the hundreds of "suspicious" notifications that are being logged? I tried adding…

BACKGROUD From FW version: Version 18.5 MR3 Build 408 - Application filter "Facebook Video Playback" is working properly. This means that in my organization Facebook is allowed to access but playing any videos within Facebook is not. ISSUE After upgrading…

i turned off ips but as the screenshot shows there are 3 snort services that each one uses 10% of memory so even inmy network there is just 30 users , the memory usage is higher than 70% what should we do to lower the usage of snort services?

Hi folks, v19.0.1 MR-1 IPS service has stopped and will not restart, the error message is the process is taking too long. There are no entries in the Logviewer -> system log indicating any issues. Next step please. Update :- after two attempts…

What is the best way to established secure connection with the remote pc without being compromise security of your own pc. How to create firewall on your pc and servers? How to secure my company mail server security? Growthtakeover How to…

Hi all, short question from my side. I just saw the row "IP Flood" under Intrusion Protection --> DoS Attacks. I was curios, why it was turned of and then saw, that there is no way to configure it. At least not in the DoS settings: Furthermore…

Hi guys, I am unable to block the Hoxx VPN extension on firefox. I followed the Application filter recommended settings for better application detection ( https://soph.so/WtpQzU ). The application uses port 80/443 for VPN servers. Sophos XGS is unable…

Hi guys, I was testing if users could bypass the network restrictions using ShadowSocks. I created a server in Vultr and configured the Socks5 server. On the client side, I configured the Socks5 client. Added it has a proxy in Firefox. I am able to…

Hi all, I have this alert today on FW Sophos in Log Viewer \Malware ( look at picture), every ~1 min What does it mean and how to resolve this or stop it Thanks to all

HI, I have the XGS126 and it's running the latest firmware 19.0, was trying to block Instagram app, so need some assistance as I created the application filter contacting streaming media category and linked it to a policy, yet the app is still workin…

HI All Currently i am facing a issue with zoom application. This happens my xg210 firewall all of sudden rebooted to factory default condition and then restore to old backup. but after this incident my zoom application reboot automatically during…

Hello, we are using : Sophos XG450 (SFOS 18.5.1) During the last 2 weeks we recceived the following Security Warnings on 2 different Computers: Was ist passiert: Ein Computer hat schädliche Daten versandt. Das lässt darauf schließen, dass er mit…

Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4 ). I wanted to enable DoS protection on it, so i setup a netflow server to send all netflow data to it so i could estimate the needed packet rates. And after…

Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…

Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.

Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…