  • Block Youtube

    Good day, I have a challenge with blocking YouTube. Initially the rule was working fine and all of a sudden users are able to access YouTube. I can block other sites but YouTube keeps working. I have just upgraded the Sophos firmware to SFOS 19…
  • Exchange 0-Day CVE-2022-41040 and CVE-2022-41082, how to check if rules are including the mitigation?

    There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March. How can I check if the mitigation is already working with Snort or IPS rules? https://gteltsc.vn/blog…
  • Regarding adults, contained in the application category

    Dear Team, As we checked and tried to deny some adult-containing sites on Sophos firewall, with the help of a website, we were able to deny that website, but in the application category, we were not observing any adult-related application, so kindly check…
  • Error Message-Couldn't Update the IPS Status

    So I have IPS protection turned on as shown below: I know that the pattern is updating as shown below: So I have 2 questions. 1. Shouldn't the 'Time of signature update' change dates when IPS and Application signatures are updated? Mine doesn…
  • application filter and web filter

    Hi, In the LAN network some users need WeTransfer access, but due to data privacy we don't give access to share data by upload, only download access, so kindly give a solution to resolve. model-XG210 version-18.5.4 Thanks Satya
  • Sophos Firewall: v19.0 MR1: IPS Update Question

    Hi, Not sure if this is a cosmetic issue, or something that needs further investigation - the IPS signatures are being reported in one part of the GUI as being old, but yet updated in another screen. Here it's showing Aug 26th But in this…
  • Connections time out when IPS enabled (sporadically)

    We have noticed that connections are sometimes interrupted for a period of 5 minutes. It is then not possible to establish new connections (external / internal) via Sophos. This happens 1-2 times per day and always at a different time. I went through…
  • Incorrectly Identified Applications - iCloud relay

    Hi, How do I report application traffic that is incorrectly identified - The below is being reported as personal network storage, when it's for iCloud private relay, and should therefore (I would have thought) be classified under proxy services…
  • IPS updates - old issues returning

    Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…
  • Zero Day Protection

    Is it expected for Zero Day Protection to flag chrome updating on all my machines every couple of days? Is there a way to safely add this to an exception list to prevent the hundreds of "suspicious" notifications that are being logged? I tried adding…
  • Version 18.5 MR4 Build 418 - Application filter "Facebook Video Playback" is not working anymore.

    BACKGROUND From FW version: Version 18.5 MR3 Build 408 - Application filter "Facebook Video Playback" is working properly. This means that in my organization Facebook is allowed to access but playing any videos within Facebook is not. ISSUE After upgrading…
  • sophos xg125 firewall snort using high percentage of memory

    I turned off IPS, but as the screenshot shows there are 3 snort services that each use 10% of memory, so even though in my network there are just 30 users, the memory usage is higher than 70%. What should we do to lower the usage of snort services?
  • IPS service has stopped and will not restart.

    Hi folks, v19.0.1 MR-1 IPS service has stopped and will not restart, the error message is the process is taking too long. There are no entries in the Logviewer -> system log indicating any issues. Next step please. Update :- after two attempts…
  • Best way to establish secure connection

    What is the best way to establish a secure connection with a remote PC without compromising the security of your own PC? How to create firewall on your PC and servers? How to secure my company mail server security? Growthtakeover How to…
  • IP Flood - What does it, documentation and where to configure

    Hi all, short question from my side. I just saw the row "IP Flood" under Intrusion Protection --> DoS Attacks. I was curious why it was turned off and then saw that there is no way to configure it. At least not in the DoS settings: Furthermore…
  • Unable to block Hoxx VPN

    Hi guys, I am unable to block the Hoxx VPN extension on Firefox. I followed the Application filter recommended settings for better application detection ( https://soph.so/WtpQzU ). The application uses port 80/443 for VPN servers. Sophos XGS is unable…
  • Unable to block Socks5 Proxy

    Hi guys, I was testing if users could bypass the network restrictions using ShadowSocks. I created a server in Vultr and configured the Socks5 server. On the client side, I configured the Socks5 client. Added it as a proxy in Firefox. I am able to…
  • Malware 'Unscannable' was detected

    Hi all, I have this alert today on FW Sophos in Log Viewer \Malware (look at picture), every ~1 min. What does it mean and how to resolve this or stop it? Thanks to all
  • Blocking Instagram app

    Hi, I have the XGS126 and it's running the latest firmware 19.0, was trying to block Instagram app, so need some assistance as I created the application filter containing streaming media category and linked it to a policy, yet the app is still workin…
  • zoom application restart in firewall network. works better in non-firewall network

    Hi all, currently I am facing an issue with the Zoom application. This happened: my XG210 firewall all of a sudden rebooted to factory default condition and then restored to old backup, but after this incident my Zoom application reboots automatically during…
  • XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Positive Alarm?

    Hello, we are using: Sophos XG450 (SFOS 18.5.1) During the last 2 weeks we received the following Security Warnings on 2 different Computers: Was ist passiert: Ein Computer hat schädliche Daten versandt. Das lässt darauf schließen, dass er mit…
  • XG550 DoS settings

    Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4). I wanted to enable DoS protection on it, so I set up a netflow server to send all netflow data to it so I could estimate the needed packet rates. And after…
  • Sophos suddenly detecting Trusteer Rapport?

    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
  • IPS and Flood Protection logs always empty in GUI

    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
  • DoS & spoof protection (What settings do you recommend?)

    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…