
  • An attempt to communicate with a botnet or command and control server has been detected.

    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
  • Advanced Threat Protection research

    I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
  • Sophos XG as DDoS amplification server

    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    I need help with the following IPS log: FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. Thanks, Mizan
  • Sophos XG blocks Telegram but I don't want it to

    Hi, I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes... I attached the last test I did; maybe I'm losing some configuration? thank yo…
  • Apple iCloud IMAP blocked as it was Torrent P2P

    Found a conversation here about the same problem 6 months ago, but I can't find a solution in it. My firewall is reporting a lot of Torrent P2P users in my network and blocks the application. At the same time, users report that they can't read mail on iPhone…
  • Rejecting VPNs programs

    Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting. Thanks!
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do I do now?

    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
  • Auto-Block an ip that trigger IPS ?

    Looking to mitigate potential attackers in an efficient way. I get a weekly report that I review, and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…
  • PortScan - Port 8443/tcp was found to be open

    Hello everybody. I have an XGS 116 and out of curiosity I ran a port-scan on my external IP. Port 8443/tcp was found to be open. Is this the port we use for VPN-SSL? Is it safe? Thanks
  • Cannot seem to get Application Filter Firewall rule to work correctly

    So I attempted to get the application control working based on this article: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/120242/sophos-xg-firewall-how-to-create-an-exception-in-application-filter but I could not get this to work…
  • IPS Service Issue 2022/01/25 - (SFOS 18.0.5 MR-5-Build586)

    Checking if anyone had any IPS issues today? Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this. System load got as high as 32 at a stage and had to reload box. Could barely get into the web UI…
  • How to block all vpns

    Just found out that the fire vpn chrome extension, just bypassed my expensive firewall. Looking for suggestions?
  • XGS2100 (SFOS 18.5.1 MR-1-Build326) the internet is so slow

    Dear All Hi I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
  • Sky Now app not working on Sophos XG

    According to the logs it's being blocked: 2022-01-20 20:19:34 Invalid Traffic Denied N/A 0 192.168.1.181 54.239.35.235 54058 443 …
  • XFRM1 Traffic classified as Torrent Clients P2P

    The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18? date…
  • Unable to block Hotspot Shield and Betternet VPN

    Hi guys, I have been trying to block hotspot shield and Betternet VPN. I have included them in the Applications Filter. I have also changed the settings according to this guide: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads…
  • Block Android Games from Accessing Internet.

    I have implemented Sophos XG on an old computer. I am very happy with it so far. But I was wondering if it could address an annoying challenge that I am facing these days. I have a 5yo child who plays games on an android device, and those games are bombarded…
  • ATP false positive?

    Hello Community, from time to time we have some false positives on APT. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany If I check the…
  • IPS Logs Missing

    I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS. IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied. In v17.5 logs would show for IPS. What could be the problem…
  • ATP block all *.idv.tw FQDN query!?

    We found all the *.idv.tw domains were blocked by ATP with XG. I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know the issue? Shunze
  • Sophos IPS still applies certain critical rules without policy assigned

    Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…
  • IPS exceptions for an external vulnerability scan on Sophos XG

    Hello everyone, I am currently trying to find the right settings on a Sophos XG in order to run a planned vulnerability scan against the external IP address of the firewall. To get correct results, the tests…
  • Information Required for Apply IPS Policy for Different Rules In XG Firewall

    Greetings Sophos Community, I am using Sophos XG Firewall 125. I have Different Inbound and Outbound Rules. On Different Zones like WIFI to WAN, LAN to WAN (I have Applied General IPS Policy) I need Suggestion Is this Policy Type suitable for my Zones…
  • Sophos XG Home throttling bandwidth

    XG Home firewall is throttling my bandwidth. I was able to get ~900MB download on a speed test from my computer through the ISP modem (connected directly). When I was connected through my home router (wired) without the XG home firewall in the network…