Browse By Tags

  • Intrusion Prevention Blocked Office 365 Attachments

    Hi, We have had our new XG310 in for about a week now, it has mostly been going ok. Just today though, outgoing attachments from Outlook all of a sudden stopped sending. (Stayed in Outbox) I found that all of a sudden, IPS was blocking traffic to…
  • IPS not blocking EICAR signature

    I have a basic firewall policy set up with the default LAN_TO_WAN IPS policy enabled. I have downloaded a few different versions of the standard EICAR test string and these appear in the firewall log under malware but they appear to make it through…
  • Release Range AKAMAI

    Good afternoon Mrs. I need to release all AKAMAI ips range on the firewall, but I can not do that because there are many. Any tips or concerns?
  • IPS setup

    Hello During the setup wizard to configure ports and stuff. You get the option to setup IPS and other settings. I set IPS to Lan_Wan. Do I need to do anything else or is the defaults working on recommended settings? Thank you Brock
  • Google Play Store blocked by IPS

    Hello, I am running XG Firewall for a few months now. However, I still have a problem which I could not solve yet. When trying to update my apps on my Android phone, Google Play Store keeps trying to download the updates. After several minutes I receive…
  • Gigabit Connection severely hampered by UTM's IPS.

    We recently got Verizon FIOS gigabit in our area, so we decided to make the jump. We had 150/150 previously with no throughput problems whatsoever. Since upgrading to gigabit, however, speeds through the UTM with IPS enabled are capping out at 240Mbit…
  • No Internet after starting IPS Service

    Hello Supporters, I'm facing a problem while trying to work with IPS, each time I start IPS service I lose internet connection after 1 hour (estimated). Even if I didn't associate any IPS profile to any role. I tried to associate WAN to Lan on DNat…
  • XG IPS rule dropping Windows 10 Upgrade assistant packets

    Hi Guys, I'm trying to update a couple of Windows 7 Pro machines to Windows 10 using windows 10 upgrade assistance. However the traffic is being dropped by IPS rule LAN--> WAN. Below is what I see in logs. Time - 2017-05-09 09:53:01 Log Comp - Anomaly…
  • Need help adding IPS Exceptions

    When visiting nfl.com/draft/2017 and clicking on the Tracker tab packets are being blocked and I receive alerts like the following. Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle…
  • IPS False Positive detection ?

    Hi all, Can someone look at the log and let me know if this is false positive? What makes me think so: 192.168.2.38 is an iPhone, 10.16.3.160, 10.16.4.22 are both MacBook Pro, 192.168.2.8 is Ubuntu, so none of the devices is actually Windows based?…
  • XG Best Practice, Firewall, IPS, VPN etc.

    Hi All, We have a new XG + Sophos central/interceptX. I have the firewall setup with a copy of LAN-WAN IPS with all but windows clients/servers removed, SSL decrypt+scan and yellow or above heartbeat policy setup. Is this how we should go or does…
  • IPS Blocking Ebay Signin

    Hi all, I am new to XG so please be nice :-) Running XG230 with SFOS 16.05.2 MR-2 and IPS Signatures 3.13.35 I have this wee issue that when a user tries to login to eBay they basically time out. Getting to eBay is fine but when they add a user…
  • Enabling Anti-DoS/Flooding slows download speed by over 300 Mbps. Does that seem right?

    The network in question was getting DDoS attacks almost daily so IPS was enabled and configured which stopped the attacks. In the Anti-DoS/Flooding tab TCP SYN Flood Protection, UDP Flood Protection, and ICMP Flood Protection have all been applied. Since…
  • IPS - Some signatures are false positives

    Hi There, after some days, I would like to share some strange things with XG IPS module. See the screenshot: I have MAC at home so the first 2 signatures cannot be applied. First Signature CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name…
  • Exclude the traffic coming from specific website from IPS check

    Hello, I installed XG Firewall Home Edition last month and I'm enjoying studying it now. I have a question about the exception for IPS. Is there any way to exclude the traffic between a specific website and LAN from IPS check? I don't want to remove the…
  • IPS Inspection of SSL traffic

    After looking through the UTM 9 features it looks like Web Filtering and Web Application Firewall offer a SSL inspection. It's my (potentially flawed) understanding that WAF and Web Filtering do not equal IPS. Is IPS blind to SSL traffic or is there…
  • SIP error due to MultiTech SIP UDP Overflow

    Hi, I'm new in Sophos, we decided to use SIP in our company but the Firewall rejects it. When I checked the logs I saw below errors. Would appreciate if you can help. Log: 2017-01-09 00:35:47 Signatures Drop - …
  • help with blocking hola networks

    So, just this evening I started to get the following warning: --- Intrusion Prevention Alert An intrusion has been detected. The packet has *not* been dropped. If you want to block packets like this one in the future, set the corresponding intrusion…
  • SFOS 16.0.1.2 can't get the IPS running... (Dead, tried the previous thread)

    I've installed a vanilla Sophos engine and configured it to publish a bunch of services like exchange, RDG, etc. Now I was looking at my services after I got this up and running but I see now that the IPS engine is dead.... From the community I followed…
  • List of IPS rules, their description and understand if a patch or misconfiguration is in place

    UTM9 used to have an HTML page like this one: https://lists.astaro.com/ASGV9-IPS-rules-2970.html not reachable anymore where filtering per rule id, we were able to find signature details, CVE and other additional information in order to help administrators…
  • IPS throughput

    I bought an XG125 this year, and have a spec question. XG125 has high performance numbers as below: Throughput 5,000 Mbps IPS 1,000 Mbps Concurrent connections 6,200,000 New connections/sec 35,000 I read the datasheet of XG125, cannot find the testing…
  • Increase in traffic dropped under TCP Flood after upgrade to V16.01.2

    There is a sudden increase in traffic dropped under TCP Flood after upgrade to V16.01.2 (XG-135). Below screenshot for ref. Please suggest a solution for this issue. Earlier V16 & V15 didn't use to show such huge numbers under traffic dropped.
  • Web Browsing stop for a few minutes

    Hi, We are facing an issue on one of our UTMs. It has 4 WAN interfaces, one is the main link with 50mbps. Sometimes, usually in the morning or early afternoon, the internet browsing stops, we can ping but cannot browse internet pages. We've tested the…
  • IPS and Application

    I have noticed that the IPS and Application seem to not be working, there is nothing listed in the logs of IPS and Application for the past week, no activity. I have tried nmap to try and trigger the rules of the ids and tried some of the applications…
  • Selective IPS Opt-In

    I have been using IPS for some time on my old Astaro 8 firewall, however, I'm about to upgrade to a UTM 9 device and I'm trying to decide how much IPS throughput I'm going to need. Is there a way to enable IPS for only specified hosts and or services…