I am facing a problem with the IPS service: when stopping it, everything is going well; when starting it, youtube.com can't resolve and is not opening, and I can't even ping it. At the same time, I can open any other site. The only change I did with IPs that I changed…
Dear All,
I have configured a DOS policy and I can see the packets dropped by the DDOS, but where can I see the logs?
I tried to find them in the IPS, System, and Firewall logs but no luck. Please help.
Hello,
until now I have always had the problem that the movie trailers on my Apple TV (Gen. 3) could not always be played. Now and then it worked for one movie and then again it didn't. So, roughly estimated, about 90% of the movie trailers I could…
Hi,
We are planning for a big network (2500 Chrome OS Users) and I am asking a simple question about IPS configuration for the Chrome OS policies. There is no specific IPS signature for the Chrome OS in the XG firewall IPS (I didn't find on another…
Dear All,
There is an action in the IPS policy, "Bypass Session", and as per the documents, "Bypass Session - Allows the entire session if detects any traffic that matches the signature." The recommendation for the same is:
"To save resources and avoid…
IPS Sophos XG DOS Protection
What do you have set for your IPS / DOS protection? I have tried the standard limits and also increased them and found traffic-related issues; not sure if I found any issues with the XG or found a sweet spot. Obviously different…
I recently noticed some activity flagged as attacks on the XG Dashboard. Clicking on it indicated that the packets were allowed. I looked through the IPS policies to find the applicable rule, which was this one: Apple QuickTime traf Atom Out-Of-Bounds…
I have noticed that my Tivo is being flagged by the IPS with "Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service." There were 27 instances yesterday, with 3 noted IP address targets. Is this a false positive or something that I should be concerned…
Hi!
Although I have selected "None" for Protection and Intrusion Protection in a specific WAF rule, I'm getting tons of intrusion attacks on that webserver. Unfortunately, they are all false positives because the webserver is a cloud file server…
Hello there,
Please do not blame me for my bad English; I am not a native English speaker, but I will try my best.
Through a blog I found the Sophos XG for Home and I bought an ITX system with dual NICs.
Now I have a few problems.
1. IPS
…
So I have a second opportunity this coming Saturday to install the XG210 after some more work to my rules and help from the members here. Because our existing firewall had SIP disabled and h323 disabled, I performed the same on this device and changed…
Hi Guys,
I am experiencing really low bandwidth with the Sophos XG. I have tried turning off IPS, Web Filter, and Application Control just to tshoot. Is there something with the OS version (SFOS 16.05.5 MR-5) that is causing this?
Thanks.
…
Dear,
We have been under attack for two days from two IPs. I try to block the two IPs from the attackers but it doesn't seem to work.
I immediately created the rule below with the two culprits, to drop and log all the traffic. The rule is the very first…
Hi,
Since I have been using XG, I am always getting IPS alerts, and I am concerned about it, because I don't know the reason for these alerts.
Are IPS alerts an alert about accessing websites with vulnerabilities or outdated software, or means an IPS alert…
We are having trouble downloading some Adobe Acrobat files from one of our vendors. The files are being flagged by the IPS system under the signature "Adobe Reader PDF Engine CVE-2017-3025 Memory Corruption Vulnerability". It only is affecting about 10…
Dear All,
Please, can anyone explain the IPS actions like drop, reset, disable, etc.?
And can we block the detected blacklist IPs for 30 minutes, and where can I find the IPS blacklist IPs?
Good morning everybody!
I have many IPS alerts, is that normal?
And not all of the victims' IPs are in my network!
I use the LAN_TO_WAN standard IPS policy!
Hi,
We have had our new XG310 in for about a week now, it has mostly been going ok.
Just today though, outgoing attachments from Outlook all of a sudden stopped sending. (Stayed in Outbox)
I found that all of a sudden, IPS was blocking traffic to…
I have a basic firewall policy set up with the default LAN_TO_WAN IPS policy enabled. I have downloaded a few different versions of the standard EICAR test string and these appear in the firewall log under malware but they appear to make it through…
Hello
During the setup wizard to configure ports and stuff, you get the option to set up IPS and other settings.
I set IPS to Lan_Wan. Do I need to do anything else, or are the defaults working on recommended settings?
Thank you
Brock
Hello,
I am running XG Firewall for a few months now. However, I still have a problem which I could not solve yet.
When trying to update my apps on my Android phone, Google Play Store keeps trying to download the updates. After several minutes I receive…
Hello Supporters,
I'm facing a problem while trying to work with IPS: each time I start the IPS service I lose internet connection after 1 hour (estimated).
Even if I didn't associate any IPS profile to any role. I tried to associate WAN to Lan on DNat…
Hi Guys,
I'm trying to update a couple of Windows 7 Pro machines to Windows 10 using Windows 10 upgrade assistance. However, the traffic is being dropped by IPS rule LAN--> WAN. Below is what I see in logs.
Time - 2017-05-09 09:53:01 Log Comp - Anomaly…