BUG - in screen presentation in firewall rules

Hi,

this little bug is a hangover from v17. but worse.

The issue occurs when you tick detect zero-day threats with sandstorm, the blue ! pops up and does not go away unless you untick the detect box. As a result you cannot see what is behind the blue box. 

Not a major issue, just annoying.

Ian

 

  • Thanks for your great explaination. The fact that the feature is there and eanbled but not really "put additional control" leads to additional confusion.

    I remember in the v16, the sandstor tickbox was unavailable if you did not have the sandstorm license. Now if the box is clickable, people will complain saying "Sophos Sandstorm does not work as expected!"

  • Michael Dunn said:

    However the "correct" thing to do is unselect sandstorm.  Users should not try to leave it enabled it when they are not licensed for it.

     

    If I am not mistaken, a new install of the system has that option enabled by default. 

  • First of all, please note that sandstorm / licensing works differently in XG and UTM.  It is quite possible people are remembering things from the UTM.

     

    The Sandstorm feature was introduced in XG 16.5, and I am 99% sure that all the blue balloon text was there from the beginning.

    I do not know for XG email how sandstorm is turned on/off and what the default is.

    For XG web, sandstorm is configured from the firewall rule.  All new firewall rules start the same way, with all the web protection turned off including sandstorm.  IIRC from 16.5 to 18.0 when you turn on malware scanning for web for a firewall rule that does not automatically turn on the checkbox directly below for sandstorm.  For enabling sandstorm and licencing, nothing has changed since 16.5.  AFAIK no complaints from customers has come back to the Dev team.

     

     

    The way the system is designed:

    1) If you get a big blue bubble text that says it won't work, then it won't work.  Anyone who ignores the big blue bubble and complains that it does not work should be sho-... Should get a refund.

    2) If you enable sandbox for web in the firewall and do not get a big blue bubble text then it will work.

    3) Though the checkboxes have been renamed in moved in various versions, the state, default, and big blue bubble has remained.

     

    If you don't get any warnings, but it does not work please let me know because there may be a defect.

     

  • Hi,

    I just built a v17.5.x box to compare some items with v18 EAP and during installation after my home licence was registered and synchronised I was offered the ability to send sandstorm data to Sophos.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • rfcat_vk said:

    I just built a v17.5.x box to compare some items with v18 EAP and during installation after my home licence was registered and synchronised I was offered the ability to send sandstorm data to Sophos.

     

    Ian, on the home licence can you go to Administration \ License and screenshot the subscriptions?

     

    If "sandstorm" is "subscribed" then sandstorm is fully working on your home box.  Whether you should be or not is a licensing issue, not my department.  But if you are subscribed then the XG itself works correctly, obeying the license.

     

    If "sandstorm" is not "subscribed" and you are not getting any warning message, I want to know.  I cannot replicate the problem here.  We will switch to PM and I'll get you to gather a few bits of data from the command line.

  • Just in case, there is one other thing which I doubt affects you.  Some of the UI elements are cached, and if your license ever changes you need to refresh the whole site.  For some browsers/configurations this is just closing all windows and starting the browser again.  For some you need to Control-F5 to force a full refresh.  We encounter this in testing all the time when changing licenses on the fly, but I don't think it should affect real customers often.