Browse By Tags

  • SIP trunk connection - disconnect after 60 seconds - HELP

    Hello, since yesterday we have had a Vodafone SIP trunk on our PBX. Since then, outgoing calls are disconnected after exactly 60 seconds. Not all of them; it seems to me that it works for about 30 minutes, then the disconnects start again.…
  • Protect server against brute force attacks

    Is there a service in Sophos XG that automatically blocks the IP of a client that is trying to brute-force access to a web server? If there is, what is an effective way to prevent brute-force attacks on, for example, an Apache server that…
  • IPS does not show in reports

    I can see IPS log entries when I manually inspect the IPS log files but the IPS portion of the daily executive report has been blank for months. I used to see IPS entries in almost every daily report. Also, zero is reported for all IPS statistics on…
  • Upcoming IPS Engine Update - Early access opportunity

    We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately. Updates to the Snort…
  • IPS log - Error reading session data / failed to get sessiontbl data for session id

    Hi community, we found many of the following entries in the /log/ips.log without facing any service interruptions or performance issues. XG450_WP02_SFOS 18.0.5 MR-5-Build586# tail /log/ips.log [Sep 03 08:49:53 :25629]:Error reading session data,status…
  • IPSEngine stopped/dead XGW Home (SFOS 18.0.5 MR-5-Build586)

    I logged into the web console and noticed the IPS Service was red in the Control Center. I attempted to restart from the web interface but I received a "failed to start" message each time I tried. I also tried rebooting and went to manually update patterns…
  • User computer using OpenDNS DNS and firewall keeps producing these alerts

    I keep receiving Sophos Critical Notification Alert emails for Intrusion Prevention Alerts. We use OpenDNS DNS host servers as our primary and secondary DNS. All these alerts are for outbound traffic from desktop computers to OpenDNS DNS host servers…
  • Sophos XG Slow Upload Speeds with IPS Enabled. Download Speeds are ok.

    System: Sophos Home license on an XG 125, running the latest firmware. Issue: This is kind of interesting. I recently upgraded to gigabit internet. When the LAN to WAN firewall rule is enabled with nothing other than logging, my downloads are around 925Mbps…
  • Dropped Connections during Pattern Updates

    Since installing multiple XG Firewalls in a multi-site environment, we have been plagued with "random" outages that last between 30-90 seconds. I have finally correlated this with Pattern updates for either ATP, AV or IPS. During the time of the definition…
  • Internal Port Scan Detection

    I recently came across an internal port scanner that was scanning ports on our Sophos XG firewall. Somehow this scanner got on a server. I was able to find this when I got an alert that there was a failed SSH authentication. There was not an actual authentication…
  • Send/receive mail error reported as intrusion attack on firewall

    Hello there, I need help with something. When I send/receive mail in Outlook, an error message is returned, and then on my firewall device the IP of the mail server I receive external service from appears as an intrusion attack. What is the problem and how can…
  • If nothing shows in ATP, IPS, Zero-Day logs how do I know if it's working?

    In the Firewall and SSL/TLS Inspection logs I can see positive and negative results. But I see nothing at all in the ATP, IPS, App Filter, Malware, and Zero-Day logs. Would they only show negative events (i.e. malware in a download), or should this…
  • Info on email alert notification

    Hello everyone, I have a firewall running SFOS 18.0.5 MR-5-Build586. I am receiving email alerts when IPS detects something. Problem is, I am missing some info there. At least the source attack ip and the action that was taken. I have looked through…
  • How to systematically analyze an IPS message?

    Assume that I got the following email: This says almost nothing. The hostname above is the host name of the XG, not the source or the destination of the attack. Information that I really must have: - Source IP of attacker - Destination IP - Some…
  • Suffering from DoS attack according to XG from internal devices

    Hi folks, today the XG has decided that some of the DHCP requests are DDoS attacks and that my security cameras are generating DDoS attacks. The cameras connect, then immediately drop out. These cameras have been working for months. I end up with an IPS…
  • When will IPS and applications be updated?

    Hi folks, I rebuilt my XG on the 22nd of April and most of the firmware that I expected to update has, except IPS and Application. Please advise when IPS and Application will be updated? Ian
  • Sophos SG125 - IPS FATAL error after applying backup on new hardware

    Hi Community. I did a hardware refresh of a SG125. Created a backup on my "old" appliance, started the new one, updated to the latest version and imported the backup. After some time the connection to the internet got lost (could not resolve DNS…
  • IP Spoofing Errors

    Hi, suddenly I am not able to access the Internet because of the error below on my Sophos XG FW. The source IP is the Sophos interface to the ISP. This suddenly happened a few hours ago. What do I need to do?
  • Enable IPS kills everything

    Just deployed a few UTM units at the customer site. They are all set up identically. One of the units is having trouble enabling IPS. When IPS is disabled, everything works fine. However, as soon as I enable IPS, the internal networks lose internet…
  • Custom IPS Signatures

    Hi everyone, unfortunately I was not able to find a proper answer to this anywhere. I want to create custom IPS signatures specifically for known bad hosts, so I will receive a mail alert via the notification system. My current settings for one such…
  • IPS CVE-2021-26855 default action to allow

    Hi How come the default action for the IPS is to allow CVE-2021-26855 when detected? Both signature IDs 2305106 and 2305107 are set to allow packet.
  • IPS Inbound SIP Trying blocked

    The default IPS rule has defined: PROTOCOL-VOIP inbound 100 Trying message | 20404 | protocol-voip | 1 - Critical | Windows, Linux, Unix... | Server | Drop packet. Thus the following is received: 2021-03-09 14:33:02 IPS messageid="07002" log_type="IDP" log_component…
  • IPS Signature ID links to CVE or other additional information

    Hi there. We're seeing some IPS alerts with SID number 1170419080 - "SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow". How can I find more information about this? On Sophos UTM I can look up the Snort ID, and the alert email usually contains…
  • IDS rule for NMAP or other scanners

    Hello Community! Do we have IDS signatures for port scanners like NMAP? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while scanning some services etc. Also, can someone explain to me what source and destination mean…
  • ATP Alert mail without log - is logged in IPS instead

    In the last 2 days we received several ATP mail alerts from the UTM. The hostname / IP shown in the mail is not listed in the ATP log, but I can see the IP of the host on the ATP Dashboard (Advanced Protection Statistics) in webadmin. There is no exception…
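Several threads above ask the same practical question: the IPS alert mail names only the appliance, so the analyst has to go to the raw IPS log (the key=value style line quoted in the "IPS Inbound SIP Trying blocked" post) to recover the source IP, destination and action. The following is an added example, not code from Sophos or from any post on this page: it parses key=value log lines of that shape, checks that the triage fields are present, and summarises events per source. The sample lines are constructed, and the field names it relies on (date, time, log_type, log_subtype, signature_id, signature_msg, src_ip, src_port, dst_ip, dst_port) are assumptions about the layout; compare them with your own /log/ips.log before relying on it.

```python
"""Parse key=value IPS log lines (Sophos SFOS style) and pull out the fields
an analyst needs first: time, signature, action, source and destination.

Added example; not code from Sophos or from any post on this page. The
sample lines are constructed and the field names are assumptions.
"""
import re
from collections import Counter

# key=value where value is either "double quoted" or a run of non-spaces.
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Fields without which an IPS alert cannot be triaged (assumed names).
REQUIRED_FIELDS = ("src_ip", "dst_ip", "signature_id", "signature_msg")

# Constructed sample log lines (not captured from a real appliance).
SAMPLE_LOG_LINES = [
    'device="SFW" date=2021-03-09 time=14:33:02 timezone="UTC" device_name="XG450" '
    'log_type="IDP" log_component="Signatures" log_subtype="Drop" priority=Warning '
    'signature_id=20404 signature_msg="PROTOCOL-VOIP inbound 100 Trying message" '
    'rule_priority=1 src_ip=203.0.113.10 src_port=5060 dst_ip=198.51.100.2 dst_port=5060 '
    'protocol="UDP" category="protocol-voip" platform="Windows, Linux, Unix" target="Server"',
    'device="SFW" date=2021-03-09 time=14:33:07 timezone="UTC" device_name="XG450" '
    'log_type="IDP" log_component="Signatures" log_subtype="Drop" priority=Warning '
    'signature_id=20404 signature_msg="PROTOCOL-VOIP inbound 100 Trying message" '
    'rule_priority=1 src_ip=203.0.113.10 src_port=5060 dst_ip=198.51.100.2 dst_port=5060 '
    'protocol="UDP" category="protocol-voip" platform="Windows, Linux, Unix" target="Server"',
    'device="SFW" date=2021-03-09 time=14:35:41 timezone="UTC" device_name="XG450" '
    'log_type="IDP" log_component="Signatures" log_subtype="Alert" priority=Information '
    'signature_id=1170419080 '
    'signature_msg="SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow" '
    'rule_priority=1 src_ip=192.0.2.77 src_port=51234 dst_ip=198.51.100.25 dst_port=3306 '
    'protocol="TCP" category="server-oracle" platform="Windows, Linux, Unix" target="Server"',
]


def parse_kv_line(line):
    """Return the key=value pairs of one log line as a dict, quotes stripped."""
    fields = {}
    for key, raw in KV_RE.findall(line):
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        fields[key] = raw
    return fields


def missing_fields(fields):
    """List the triage fields absent (or empty) in a parsed event, in REQUIRED_FIELDS order."""
    return [name for name in REQUIRED_FIELDS if not fields.get(name)]


def summarize_ips_event(fields):
    """Reduce a parsed event to the values an alert mail should have carried."""
    return {
        "time": f"{fields.get('date', '?')} {fields.get('time', '?')}",
        "sid": fields.get("signature_id"),
        "msg": fields.get("signature_msg"),
        # Assumption: log_subtype carries the verdict (Drop/Alert); 'action' is a fallback.
        "action": fields.get("log_subtype") or fields.get("action") or "unknown",
        "src": f"{fields.get('src_ip')}:{fields.get('src_port')}",
        "dst": f"{fields.get('dst_ip')}:{fields.get('dst_port')}",
    }


def ips_events(lines):
    """Yield summaries for IDP lines only, skipping any that lack a triage field."""
    for line in lines:
        fields = parse_kv_line(line)
        if fields.get("log_type") != "IDP" or missing_fields(fields):
            continue
        yield summarize_ips_event(fields)


def top_sources(lines, n=3):
    """Most frequent source IPs across IDP events, e.g. to pick a block-list candidate."""
    counts = Counter()
    for line in lines:
        fields = parse_kv_line(line)
        if fields.get("log_type") == "IDP" and fields.get("src_ip"):
            counts[fields["src_ip"]] += 1
    return counts.most_common(n)


if __name__ == "__main__":
    for event in ips_events(SAMPLE_LOG_LINES):
        print(event)
    print("top sources:", top_sources(SAMPLE_LOG_LINES))
```

Running it with `tail -n 200 /log/ips.log` piped in (replace SAMPLE_LOG_LINES with `sys.stdin`) gives the per-event source, destination and verdict that the alert mail omits; `missing_fields` tells you immediately when a line cannot be triaged and needs the full log rather than the mail.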