Hi All, hope you can help.
I've recently been getting a lot of alerts with this, as can be seen in the image below. Searching with some of the IP addresses on greynoise, it shows it as commonly seen and it is nothing to worry about.
I have seen that…
Hey,
after deploying our new XGS3300 with SFOS v21 we noticed several IPS Alerts which are created from a Veeam Guest Interaction Proxy to the Veeam Backup Server: Attack : FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt Attacker: Guest…
Today we've had a partial outage due to high /var partition usage.
It was flapping between 70% and over 90% in a short time.
/dev/var 179.3G 138.6G 40.7G 77% /var
/dev/var 179.3G 138.8G 40.5G 77% /var
/dev/var 179.3G 138.9G 40.4G 77% /var
/dev/var…
hello,
The last two days, we've been receiving an HTTP virus mail from Sophos firewall with the following message, (Malware 'Unscannable' was detected and blocked in a download from acroipm2.adobe.com).
What we had done so far, full scan launched…
Hi, all of a sudden we see that our FreePBX installations trigger Network-attacks in our XGS.
"Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This…
Hello community
On the old UTM I could create MAC address lists in the network definitions and then use them as a blacklist or whitelist.
On my XG-Home Sfos 20.0.2 MR-2 Build378 there is, under Wireless / Wireless-Networks / "myWLAN…
Hi all,
I'm currently struggling to set up the IPS of a Sophos so that it blocks a port scan, or at least detects it at all.
My policy has a smart filter "nmap" (but I have also already enabled all 7k policies…
Hi all, I'm pretty new to the Sophos firewall. I noted that on the dashboard it showed an attack and also checked the logs, which are both shown below. From this I can see that it was detected rather than blocked. Is there a way to set the IPS to block by…
Hello everyone,
Since yesterday, we have been experiencing a consistent IPS alert from our firewall (XGS Vers. SFOS 20.0.2 MR-2-Build378). The affected connection is between our email gateway/proxy in the DMZ and our mail server.
Every 30 minutes…
hello,
I got this intrusion attempt for the first time. Just don't know what to do.
I looked for any recent downloads and browsing history, and asked the user if he plugged any device into the computer, but nothing suspicious was found.
This is a screenshot…
hello,
Alert Message:
Message: SERVER-WEBAPP Arcadyan Routers CVE-2021-20090 Path Traversal Attempt
I got this Alert today, and the attacker is one of the company's computers,
I read an article about this vulnerability…
Dear Member
I hope this message finds you well.
I am currently encountering a significant amount of network traffic related to the Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing alert. The firewall is detecting and dropping…
I found https://community.sophos.com/sophos-xg-firewall/f/discussions/110856/default-ips-policies/397166?focus=true, didn't help. Sophos pre-packages some IPS policies by default. Without having to go through each of them with a fine-toothed comb, is…
Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342.
No problem in fresh setup on XGS2100 both desktop and mobile version on Viber.
Thank…
Hello everyone,
I'm facing a problem that is somewhat new (to me).
One of my customers wants to have an external pentest carried out; this service provider is asking whether we can whitelist their IPs for the IPS scan.
My Google-fu has led me this far…
Hi All
I've spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources.
I have a firewall with a few basic rules.
Unrestricted internet policy - less web and app filter restrictions based on…
Hello,
I'm doing some POC to choose the best firewall that has a good NGIPS.
The default IPS profile was not able to block Impacket, psexec or any other Windows RCE.
How can I make the IPS policy more strict for a LAN to LAN policy?
We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-). The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…
Hello All,
I am a newbie to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I no longer see any attacks.
I have activated…
This topic has been covered before a few times but I was hoping to get some help wrapping my head around what I'm seeing.
I tested 5 VPN configurations both with and without IPS turned on. As previously documented IPS kills basic throughput (without…
Hello Community,
one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts.
On the SG firewall, I already tried adding an application block rule for…
Hello Community, We have a UTM SG430 and 1GBit/s internet connection. Now I have noticed that IPS a. prevents the line from being fully utilized. b. Long response times (100ms-500ms) and even packet loss occur when the WAN interface is heavily utilized…
Hello everyone,
Since 29.02. we have been receiving several IPS alerts daily:
Alert ID: 7002 "BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt"
When you trace the IPs, they are always Microsoft domains…