• Antivirus and IPS Engine service stopped in XG 210 firewall

    Lalitkumar Rajput
    Hi, I have a Sophos XG 210. It was working fine but it recently started to behave strangely. The antivirus and IPS engine service stops; when I restart it, it stops again and keeps doing that. I have just updated firmware from SFOS 18.0.5 MR-5-Build586 to…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SIP trunk connection - disconnect after 60 seconds - HELP

    adrian_User533
    Hello, since yesterday we have had a Vodafone SIP trunk on our PBX. Since then, outgoing calls are disconnected after exactly 60 seconds. Not all of them; it seems to me that it works for about 30 minutes, then the disconnections start again.…
    • over 3 years ago
    • UTM Firewall
    • German Forum
  • Protect server against brute force attacks

    PaLmd
    Is there a service in Sophos XG that automatically blocks the IP of the client that is trying to brute force access a web server? That is, if there is, what can be an effective way to prevent brute force attacks on, for example, an Apache server that…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPS does not show in reports

    Jeff x
    I can see IPS log entries when I manually inspect the IPS log files but the IPS portion of the daily executive report has been blank for months. I used to see IPS entries in almost every daily report. Also, zero is reported for all IPS statistics on…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Upcoming IPS Engine Update - Early access opportunity

    RichBaldry
    We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately. Updates to the Snort…
    • over 3 years ago
    • UTM Firewall
    • Release Notes & News
  • IPS log - Error reading session data / failed to get sessiontbl data for session id

    Markus Ottmann1
    Hi community, we found many of the following entries in the /log/ips.log without facing any service interruptions or performance issues. XG450_WP02_SFOS 18.0.5 MR-5-Build586# tail /log/ips.log [Sep 03 08:49:53 :25629]:Error reading session data,status…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPSEngine stopped/dead XGW Home (SFOS 18.0.5 MR-5-Build586)

    aiborin
    I logged into the web console and noticed the IPS Service was red in the Control Center. I attempted to restart from the web interface but I received a "failed to start" message each time I tried. I also tried rebooting and went to manually update patterns…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • User computer using OpenDNS DNS and firewall keeps producing these alerts

    cromwell uy
    Keep receiving Sophos Critical Notification Alerts emails for Intrusion Prevention Alerts. We use OpenDNS DNS Host Servers as our primary DNS and secondary DNS. All these alerts are all outbound traffic from desktop computers to OpenDNS DNS Host Servers…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Slow Upload Speeds with IPS Enabled. Download Speeds are ok.

    CMC
    System Sophos home license on an XG 125. Running latest firmware. Issue This is kind of interesting. I recently upgraded to gigabit internet. When the LAN to WAN firewall rule is enabled with nothing other than logging, my downloads are around 925Mbps…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Dropped Connections during Pattern Updates

    Ryan McMillan
    Since installing multiple XG Firewalls in a multi-site environment, we have been plagued with "random" outages that last between 30-90 seconds. I have finally correlated this with Pattern updates for either ATP, AV or IPS. During the time of the definition…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Internal Port Scan Detection

    Jonathan Bouchier
    I recently came across an internal port scanner that was scanning ports on our Sophos XG firewall. Somehow this scanner got on a server. I was able to find this when I got an alert that there was a failed SSH authentication. There was not an actual authentication…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • reporting send/receive mail error as Intrusion attacks on firewall

    Andromeda
    Hello there, I need help with something. When I send/receive mail in Outlook, an error message returns, and then on my firewall device, the mail server IP that I receive external service from appears as Intrusion attacks. What is the problem and how can…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • If nothing shows in ATP, IPS, Zero-Day logs how do I know if it's working?

    Wayne Folta
    In the Firewall and SSL/TLS Inspection logs I can see positive and negative results. But I see nothing at all in the ATP, IPS, App Filter, Malware, and Zero-Day logs. Would they only show negative events -- i.e. malware in a download -- or should this…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Info on email alert notification

    Pepe Tron
    Hello everyone, I have a firewall running SFOS 18.0.5 MR-5-Build586. I am receiving email alerts when IPS detects something. Problem is, I am missing some info there. At least the source attack IP and the action that was taken. I have looked through…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • How to systematically analyze an IPS message?

    megrv
    Assume, that I got the following email: This almost says nothing. The hostname above is the host name of the XG, not the source or the destination of the attack. Information, that I really must have: - Source IP of attacker - Destination IP - Some…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Suffering from DoS attack according to XG from internal devices

    rfcat_vk
    Hi Folks, today the XG has decided that some of the DHCP requests are DDOS attacks and my security cameras are generating DDOS attacks. The cameras connect then immediately drop out. These cameras have been working for months. I end up with an IPS…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • When will IPS and applications be updated.

    rfcat_vk
    Hi folks, I rebuilt my XG on the 22nd of April and most firmware that I expect to update has except IPS and Application. Please advise when IPS and Application will be updated? Ian
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos SG125 - IPS FATAL error after applying backup on new hardware

    Danscho
    Hi Community. I did a hardware refresh of a SG125. Created a backup on my "old" appliance, started the new one, updated to the latest version and imported the backup. After some time the connection to the internet got lost (could not resolve DNS…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IP Spoofing Errors

    Wessk
    Hi, suddenly I am not able to access the Internet because of the below on my Sophos XG FW. The source IP is the Sophos interface to the ISP. This suddenly happened a few hours ago. What do I need to do?
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Enable IPS kills everything

    SLS Support
    Just deployed a few UTM units at the customer site. They are all set up identically. One of the units is having trouble enabling IPS. When IPS is disabled, everything works fine. However, as soon as I enable the IPS, the internal networks lose internet…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Custom IPS Signatures

    Vault Sec
    Hi everyone, unfortunately I was not able to find a proper answer to this anywhere. I want to create custom IPS signatures specifically for known bad hosts, so I will receive a mail alert via the notification system. My current settings for one such…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPS CVE-2021-26855 default action to allow

    SOMOA
    Hi, how come the default action for the IPS is to allow CVE-2021-26855 when detected? Both signature IDs 2305106 and 2305107 are set to allow packet.
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPS Inbound SIP Trying blocked

    Thomas Rechberger
    Default IPS rule has defined: PROTOCOL-VOIP inbound 100 Trying message 20404 protocol-voip 1 - Critical Windows, Linux, Unix... Server Drop packet Thus the following is received: 2021-03-09 14:33:02IPSmessageid="07002" log_type="IDP" log_component…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IPS Signature ID links to CVE or other additional information

    MartinDamgaard
    Hi there. We're seeing some IPS alerts with SID number 1170419080 - "SERVER-ORACLE Oracle MySQL sql_authentication Integer Overflow". How can I find more information about this? On Sophos UTM I can look up the Snort ID and the alert email usually contains…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • IDS rule for NMAP or other scanners

    Regex
    Hello Community! Do we have IDS signatures for port scanners like NMAP? We know that those programs can use different flags (RST, ACK, SYN, FIN...) while they are scanning some services etc. Also, can someone explain to me what is meant by source and destination…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions