Browse By Tags

  • Configuring IP Spoof and DoS Protection without Blocking Outbound Internet Traffic

    Hello Team, I hope this message finds you well. I am writing to seek your assistance regarding a configuration issue I am facing with our Sophos XGS firewall setup. We have recently configured traffic flow and firewall rules for inbound and outbound…
  • DDos sophos XG

    hi, can you please show me a template for DOS best practices and proof protection
  • I see a new entry in DoS protection called "IP Flood"

    Sophos v20 GA I have never noticed this IP Flood protection before. It is not applied, but I cannot see its activation anywhere in the GUI. All I see activatable is SYN, UDP, TCP and ICMP, Dropped source routed packets, Disable ICMP/ICMPv6 redirect…
  • how to defend against (D)DOS

    Hi everyone, this is not a technical issue but a desperate call for advice. Our Sophos UTM-firewall (firmware version: 9.816-2) is suffering from a (D)DOS-attack that is going on for several days now. Since our internet-connection only comprises of…
  • Loops in firewall networks

    Purely hypothetical: If you would create a loop (broadcast-storm) in networks used on the firewall as gateway, would the firewall crash and stop operating, including all services? Would DoS settings prevent that and what kind of packet/burst rate would…
  • Sophos Firewall: How to protect against TearDrop/LAND/WinNuke/Smurf attacks

    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Smurf Teardrop LAND and…
  • Best way to establish secure connection

    What is the best way to establish a secure connection with the remote PC without compromising the security of your own PC? How to create firewall on your PC and servers? How to secure my company mail server security? Growthtakeover How to…
  • IP Flood - What does it, documentation and where to configure

    Hi all, short question from my side. I just saw the row "IP Flood" under Intrusion Protection --> DoS Attacks. I was curious why it was turned off and then saw that there is no way to configure it. At least not in the DoS settings: Furthermore…
  • XG550 DoS settings

    Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4). I wanted to enable DoS protection on it, so I set up a netflow server to send all netflow data to it so I could estimate the needed packet rates. And after…
  • DoS & spoof protection (What settings do you recommend?)

    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…
  • DDOS protection explained

    Can anyone explain what Sophos meant when designing this menu? My experience comes from FortiGate where most of options are logically ordered and described, but here I'm out of any How should I interpret it? PIC 1 seems logical; Pic 2 SOPH…
  • Sophos XG as DDoS amplification server

    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
  • Sophos XG block telegram but i don't want

    Hi, I don't understand why Sophos XG marks Telegram as DDOS attack. I have disabled DDOS protection, tried to disable IPS etc. from Firewall rule but nothing changes... I attached last test I did, maybe I'm losing some configuration? thank yo…
  • slow internet speed

    Hi, I have a new Sophos XG136 without any firewall rule besides the default one. It is working in a bridge mode and connected to ISP modem and Cisco router. Both interfaces have 1000 Mbps - Full Duplex Auto-negotiated. When I make a speed test I'm…
  • ICMP Error Message

    Weird issue I am having. Our APs are having issues reaching 8.8.8.8 and 8.8.4.4 (not every time but enough and consistent enough to throw an error on the APs themselves) When I check the Log Viewer I don't see any issues or dropped traffic. When I…
  • Sophos Dos DDoS specifics - layer 3 layer 4 layer 7 attacks

    Hello, We are implementing a Sophos firewall to take advantages of some of its features -- DoS being one of them. We were recently asked if the Sophos firewall can protect against layer 3 and layer 4 attacks. I'm not too familiar with DoS, and the setup…
  • Sophos Firewall - extremely poor bandwidth when DoS enabled

    Hello, I just set up a new Sophos Firewall on my Dell XPS tower (testing). It was all working nice, I was getting about 230 Mbps bandwidth from fast.com. Then I enabled DoS from Intrusion Prevention --> DoS & spoof protection [tab] --> DoS settings…
  • DoS - how to exclude one network or selected devices?

    Hi folks, looking for some help with DoS settings. Suddenly my security cameras are failing DoS UDP and ICMP flooding. I have disabled DoS for UDP and ICMP to allow the cameras to work. What I have tried and failed with. 1/. new application for…
  • IDS rule for NMAP or other scanners

    Hello Community! Do we have IDS signatures for port scanners like NMAPS? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while it's scanning some services etc. Also can someone explain me whats means source and destination…
  • Intrusion prevention - DoS Settings

    Hello community. I'm trying to set up the DoS Protection, but I'm not sure about the values to set. With a 100MB/s of internet speed how could be the numbers? I tried to set these numbers, but it is still dropping a lot of good traffic: Packet rate per…
  • Sophos DoS & DDoS Protection - Configuration Recommendations

    Are there any recommended starting point configurations for the DoS Settings on an XG330 firewall in HA running v17.5? Any network metrics I could look at to best tailor this protection for our environment? https://support.sophos.com/support/s/article…
  • Logs for DDOS blocked attack

    Dear All, I have configured DOS policy and I can see the packet dropped by the DDOS but where I can see the logs? I tried to find out in IPS, System, Firewall logs but no luck. Please help
  • Dos Attack AP 100

    Hi, My environment, XG125 HA 17.0.8 version. I've some AP 100 configured by DHCP, for example 192.168.157.221 and XG LAN is 192.168.157.70. At realtime console I can see events like this even no clients connected: 2018-07-05 07:10:29…
  • IPS Sophos XG DOS Protection

    IPS Sophos XG DOS Protection What do you have set for your IPS / DOS protection i have tried the standard limits and also increased them and found traffic related issues not sure if found any issues with the XG or found a sweet spot. Obviously different…