
  • XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Positive Alarm?

    Hello, we are using: Sophos XG450 (SFOS 18.5.1). During the last 2 weeks we received the following security warnings on 2 different computers: What happened: A computer has sent malicious data. This suggests that it is…
  • XG550 DoS settings

    Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4). I wanted to enable DoS protection on it, so I set up a NetFlow server to send all NetFlow data to it so I could estimate the needed packet rates. And after…
  • Sophos suddenly detecting Trusteer Rapport?

    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
  • IPS and Flood Protection logs always empty in GUI

    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
  • DoS & spoof protection (What settings do you recommend?)

    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…
  • zero-day protection Subscription module

    Hi all, Sophos XG: I want to know whether registration for the module in question is necessary. In order to convince top management of this functionality, I would like to know its advantages and especially the risks and disadvantages of not subscribing…
  • Application control blocking websites

    Hi, one of our customers was trying to browse "https:// apex.irclass.org :82 " but failed. I have allowed the FQDN and found nothing wrong in the web filtering and application control logs. When I removed the application control, it started getting the…
  • IPS Problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" Epic Gamestore Minimal fix?

    Over the last month I have occasionally been getting a flood of IPS warnings Alert ID 7002 " Message: OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" No mention of the source, and nothing in the IPS tab of the log viewer…
  • IPS Logging

    How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events? Every time I have an IPS problem, I get email notifications, but the IPS Log Viewer tab is empty - how can I get it to populate? Regards…
  • What happened to ZENDESK in the application list

    Hi folks, zendesk was classified as unsanctioned on my XG due to one IoT device continually incorrectly calling a zendesk site. Tonight I tried to correct the classification so that the Sophos Home Premium support pages would work, but receive the…
  • Alerts C2/Generic-A

    Dear, We are facing a very strange situation regarding the very frequent alerts we are getting for C2/Generic-A. Most of these alerts have origin addresses, from DNS servers, such as 8.8.8.8 for example, but what is intriguing is what in the details…
  • Unable to block Hotspot Shield and Betternet VPN

    Hi guys, I have been trying to block the hotspot shield and Betternet VPN. I have included them in the Applications Filter. I created a support ticket with Sophos and we were able to block the said applications by decrypting HTTPS using web proxy…
  • Deny logs as IP Spoof after New interface creation

    Hi friends, Some kind of error logs appeared after this integration detailed below. We have added AP as a new interface like below; AP is on 192.168.11.1, all features disabled. WAN connection is on PORT#4
  • Sophos Firewall: Troubleshoot a broken application in SFOS

    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Invalid Traffic Troubleshooting…
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule ?

    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing a few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IPs being blocked, am unable to perform cloud sync, etc., but it's not clear…
  • Can we talk about STUN traffic?

    I'm noticing that when I do reports or look at live connections, I see a lot of STUN traffic. And it's a LOT of traffic, which is puzzling in that I thought STUN was merely a tool to figure out how to get a direct connection when that would otherwise…
  • XGS High CPU Usage - Snort

    I have a cluster of XGS2300 firewalls that do not seem to offload traffic via "fastpath" as they should. Sometimes it works great, but other times it seems like it doesn't offload anything. CPU utilization sits around 40-50%. Currently the firewall…
  • SOPHOS XGS Application Control blocking nordVPN

    Hi, is there any option to block NordVPN? I wasn't able to find any option in the Application Control. For most shady VPN providers, blocking options are available. We really need to block any kind of shady VPNs, especially NordVPN! We are…
  • XG stops routing

    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
  • google play application control Sophos XG firewall

    I need to block the Google Play app via application control in Sophos XG firewall, as I couldn't find it in the application filter.
  • Remote VPN only to Domain Computers

    Is there a way to prevent home users from using the VPN client on their own devices? We would like to allow only domain computers, or generate a certificate to restrict users' devices. Unfortunately, I don't have Sophos Central Intercept X to use the Heartbeat status…
  • An attempt to communicate with a botnet or command and control server has been detected.

    Hi everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
  • Enabling IPS for internal users?

    How do I enable IPS for the data coming in as a response to a client request? If I add IPS to the outbound Traffic to WAN rule, will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
  • most of LAN<->Server communication detected as "Torrent Clients P2P"

    We've replaced a SG by XGS 18.5 MR3 and there is now massive false positive detection of Torrent Client P2P traffic by application filter. Most firewall rules for internal traffic have the default Application filter applied: "Block high risk (Risk Level…
  • DDOS protection explained

    Can anyone explain what Sophos meant when designing this menu? My experience comes from FortiGate, where most of the options are logically ordered and described, but here I'm out of ideas. How should I interpret it? PIC 1 seems logical; Pic 2 SOPH…