I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 .
Intercept X is deployed throughout the network…
I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
Hello,
After reading the following article at Ars Technica (https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
Hi,
I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes...
I attached the last test I did.
Maybe I'm losing some configuration?
thank yo…
Found a conversation here about the same problem 6 months ago, but I can't read a solution.
My firewall is reporting a lot of Torrent P2P users in my network and blocks the application.
At the same time users report that they can't read mail on iPhone…
Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting.
Thanks!
Hi - I am getting a flood of:
===========================================================
Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX
Device Information: Hostname: sophos.mylocal.network…
Looking to mitigate potential attackers in an efficient way. I get a report weekly that I review and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it.
I'm assuming the answer is…
Hello everybody. I have an XGS 116 and out of curiosity I ran a port scan on my external IP. Port 8443/tcp was found to be open. Is this the port we use for VPN-SSL? Is it safe?
Thanks
So I attempted to get the application control working based on this article: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/120242/sophos-xg-firewall-how-to-create-an-exception-in-application-filter but I could not get this to work…
Checking if anyone had any IPS issues today?
Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this.
System load got as high as 32 at one stage and had to reload box.
Could barely get into the web ui…
Dear All
Hi
I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18?
date…
Hi guys,
I have been trying to block Hotspot Shield and Betternet VPN. I have included them in the Applications Filter.
I have also changed the settings according to this guide:
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads…
I have implemented Sophos XG on an old computer. I am very happy with it so far. But I was wondering if it could address an annoying challenge that I am facing these days. I have a 5yo child who plays games on an android device, and those games are bombarded…
Hello Community,
from time to time we have some false positives on APT. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany
If I check the…
I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS.
IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied.
In v17.5 logs would show for IPS.
What could be the problem…
We found all the *.idv.tw domains were blocked by ATP with XG.
I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know the issue?
Shunze
Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…
Hello everyone,
I am currently trying to find the right settings on a Sophos XG in order to run a planned vulnerability scan against the external IP address of the firewall.
To get proper results, the tests will…
Greetings Sophos Community,
I am using Sophos XG Firewall 125. I have different inbound and outbound rules on different zones like WIFI to WAN and LAN to WAN (I have applied the General IPS Policy).
I need a suggestion: is this policy type suitable for my zones…
XG Home firewall is throttling my bandwidth. I was able to get ~900MB download on a speed test from my computer through the ISP modem (connected directly). When I was connected through my home router (wired) without the XG home firewall in the network…