Hallo Gemeinde Auf der alten UTM konnte ich in den Netzwerkdefinitionen Mac-Adresslisten erstellen und diese dann als Black oder Whitelist verweden. Auf meiner XG-Home Sfos 20.0.2 MR-2 Build378 gibt es unter Wireless / Wireless-Networks / "myWLAN…

Hi Zusammen, ich hadere gerade damit, das IPS einer Sophos so einzurichten, dass sie einen Portscan blockiert, oder zumindest überhaupt mal erkennt. Meine Richtline hat einen Smartfilter "nmap" (hab aber auch schon alle 7k Richtlinien aktiviert…

Hi all, im pretty new to the sophos firewall i noted that on the dashboard it showed an attack and also checked the logs whcih are both shown below. From this i can see that it was detected rather than blocked. Is there a way to set the IPS to block by…

Hello everyone, Since yesterday, we have been experiencing a consistent IPS alert from our firewall (XGS Vers. SFOS 20.0.2 MR-2-Build378 ). The affected connection is between our email gateway/proxy in the DMZ and our mail server. Every 30 minutes…

hello, I got this intrusion attempt for the first time. just don't know what to do. I looked for any recent downloads and browsing history, and asked the user if he plugged any device to the computer but nothing suspicious found. this is a screenshot…

hello, Alert Message: Message: SERVER-WEBAPP Arcadyan Routers CVE-2021-20090 Path Traversal Attempt I got this Alert today, and the attacker is one of the company's computer, I read an article about this vulnerability…

Dear Member I hope this message finds you well. I am currently encountering a significant amount of network traffic related to the Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing alert. the firewall ais detecting and dropping…

I found https://community.sophos.com/sophos-xg-firewall/f/discussions/110856/default-ips-policies/397166?focus=true, didn't help. Sophos pre-packages some IPS policies by default. Without having to go through each of them with a fine toothed comb, is…

Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342. No problem in fresh setup on XGS2100 both desktop and mobile version on Viber. Thank…

Hallo zusammen, Ich stehe vor einem (mir) etwas neuem Problem. Einer meiner Kunden möchte einen externen Pentest durchführen, dieser Dienstleister fragt an ob wir seine IPs für den IPS Scan whitelisten können. Mein Google-Fu hat mich soweit geleitet…

Hi All Ive spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…

Hello, Im doing some POC to chose the best firewall that have a good NGIPS. The default IPS profile was not able to block Impacket, psexec or any other Windows RCE. How can i made the IPS policy more strict for a LAN to LAN policy.

We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-) The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…

Hello All, I am a newbee to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I do no longer see any attacks. I have activated…

Hello Community, one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts. On the SG firewall, I already tried adding an application block rule for…

hi, can you please show me a template for DOS best practices and proof protection

How to block applications such as advanced ip scanner from scanning the network? my product is sophos xgs 2300

Hallo zusammen, seitdem 29.02. erhalten wir täglich mehrere IPS Meldungen: Alert ID: 7002 "BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt" Wenn man die IPs nachvollzieht, sind es immer Microsoft Domains…

Hallo zusammen, ich habe die XGS Firewall und den Endpoint mit Intercept X Advanced. Beide können HTTPS Entschlüsseln und IPS. Welchen der beiden soll ich dafür verwenden?

We have XG210 with SFOS 19.5.4. I've noticed ips.log filling up /var partition till there is no free space on disk and it causes device to boot into fail-safe mode. Stopping IPS service stops log file from growing but when I restart IPS service, this…

Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But, To enable it for all the hosts there will be a lot of trusted MAC addresses so adding them manually is a time-consuming process. So I came across this article…

Hi Sophos community any solution for this issue. Message: SERVER-OTHER multiple products blacknurse ICMP denial of service attempt

Need help with this issue in sophos Message: SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow

In the Sophos Central Report Generator (IPS Report Template), there is a column for Log Subtype we noticed that most of the values are "drop" however there are a few rows with values "detect". Does this mean did Sophos IPS allowed this traffic? If ever…

For some time, we get the following IPS Log Messages: Example 1 2024-01-16 12:12:20 IPS messageid="06001" log_type="IDP" log_component="Anomaly" log_subtype="Detect" ips_policy="" ips_policy_id="0" fw_rule_id="140" fw_rule_name="x1" fw_rule_section…