• IPS action "Bypass Session" causing confusion

    Deepak Verma
    Dear All, There is an action in the IPS policy "Bypass Session" and as per documents "Bypass Session - Allows the entire session if detects any traffic that matches the signature." and recommendation for the same is: "To save resources and avoid…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • C2/Zbot-A - false positives or actual infection?

    Mateusz Bender
    Every once in a while I get a hit in Advanced Threat Protection for C2/Zbot-A. Those are single hits, with pretty benign destinations (usually targeting one of the DNS servers used by our infrastructure). The first time it happened I scanned the specific…
    • over 6 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Intrusion Prevention Exclusions

    K M
    So, I inherited the current UTM 9 config and have been working on updating the definitions (some were out of date, some were no longer needed, etc). I found a large group called "Google Server Group" with the following entries: accounts.google.com apps…
    • Answered
    • over 6 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Cannot Download Apps from Windows Store

    xenon2008
    Hello together! When I want to download apps from the Windows 10 Store, only a few MB are downloaded and then the download stops. In the IPS log I always find "MALWARE-OTHER Executable control panel file download request" (SID=33942). This event…
    • over 6 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS Sophos XG DOS Protection

    Danny Chaplin
    IPS Sophos XG DOS Protection. What do you have set for your IPS / DOS protection? I have tried the standard limits and also increased them and found traffic-related issues; not sure if I found any issues with the XG or found a sweet spot. Obviously different…
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Question on Default Action for Intrusion Protection Rule

    dma0
    I recently noticed some activity flagged as attacks on the XG Dashboard. Clicking on it indicated that the packets were allowed. I looked through the IPS policies to find the applicable rule, which was this one: Apple QuickTime traf Atom Out-Of-Bounds…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Tivo flagged with - Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service

    Gary21
    I have noticed that my Tivo is being flagged by the IPS with "Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service." There were 27 instances yesterday, with 3 noted IP address targets. Is this a false positive or something that I should be concerned…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • How to disable IPS when using WAF?

    oxident
    Hi! Although I have selected "None" for Protection and Intrusion Protection in a specific WAF rule, I'm getting tons of intrusion attacks on that webserver. Unfortunately, they are all false positives because the webserver is a cloud file server …
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • IPS blocking VoIP Packet

    Timotheus
    We recently discovered that our UTM was blocking packets that we needed for VoIP. RTP packets were being discarded because IPS detected a UDP Flood Attack. The issue was difficult to find because the UTM was only discarding a relatively small number…
    • over 6 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Need Help with QoS and a few General Things

    Amadyl
    Hello there, please do not blame me for my bad English, I am not a native English speaker but I will try my best. Through a blog I found the Sophos XG for Home and I bought an ITX system with dual NICs. Now I have a few problems. 1. IPS …
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Saturday Installation Second Attempt

    SophosNewby
    So I have a second opportunity this coming Saturday to install the XG210 after some more work to my rules and help from the members here. Because our existing firewall had SIP disabled and h323 disabled, I performed the same on this device and changed…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • #7672711 - Low bandwidth on Sophos XG 330 - Version SFOS 16.05.5 MR-5

    Desmond Besa
    Hi Guys, I am experiencing really low bandwidth with the Sophos XG. I have tried turning off IPS, Web Filter, and Application Control just to tshoot. Is there something with the OS version (SFOS 16.05.5 MR-5) that is causing this? Thanks. …
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Intrusion Prevention Alert (Packet dropped)

    ICT Department1
    Hi guys, I keep getting the following alert and just wondered if it was anything to worry about / look further into: Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle this rule…
    • Answered
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • HA in Active/Active - IPS load balancing test results

    Mokaz
    Hi there, I've spent a little time testing the IPS offloading or load balancing behaviors while in a High Availability Cluster setup (Active/Active). I've set up two VMs on an ESXi 6.5 physical host. The VMs all have the same networks, NICs, RAM, disks and…
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Drop all traffic from attacker's IPs

    KoenT
    Dear, We have been under attack for two days from two IPs. I tried to block the two IPs of the attackers but it doesn't seem to work. I immediately created the rule below with the two culprits, to drop and log all the traffic. The rule is the very first…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • C2/Zbot-A detected from IP = iphone ?

    TheNorthern_Light
    Hello, Just curious, I received a warning from my firewall that it detected the C2/Zbot-A C&C virus from an IP that points to my iPhone 7 (it is NOT hacked, and is fully patched iOS). The only thing in my IPS log is: "2017:09:07-05:48:08 gateway…
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Hardware Recommendations for 10Gb WAN Connection

    technitect
    Hi all, I really need some straight talk to see if what I want is even possible. We currently have a 10Gb WAN connection to our home, and I'm currently utilizing a MikroTik RouterBoard with ACLs for marginal security. I'm not comfortable with that level…
    • over 7 years ago
    • UTM Firewall
    • Hardware, Installation, Up2Date, Licensing
  • C2/Generic-A AFCd

    Bethany E
    I'm having multiple UTMs reporting a C2/Generic-A from IP address: 45.33.9.234. I have scanned every server/PC that is being reported on and there is never anything there. I believe this is a false positive and I cannot get Sophos to help me out on this one…
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Basic Advanced Threat Protection Understanding?

    iTechThingsSeriously
    My dashboard regularly shows botnet/command and control traffic detected. It is always BYOD hosts that cause it to trip. I understand protocol is to take these devices offline and scan them for viruses, but I would really like to know if there is anything…
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS alerts - Do I have to be concerned?

    FormerMember
    Hi, since I have been using XG, I'm always getting IPS alerts, and I am concerned, because I don't know the reason for these alerts. Are IPS alerts an alert about accessing websites with vulnerabilities or outdated software, or does an IPS alert mean…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS attacks with source IP addresses of UTM

    FormerMember
    Hi, today I've got many IPS alerts with the source IP of the UTM's LAN and WAN ports. Is this normal? Regards Meghan P.S. Address No.1 in Screenshot 1 is the LAN IP of the UTM and address No.2 is the WAN IP of the UTM
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • XG310 IPS Flagging Some Adobe Files but XG125 Is Not - Same firmware / pattern updates / settings

    AllanD
    We are having trouble downloading some Adobe Acrobat files from one of our vendors. The files are being flagged by the IPS system under the signature "Adobe Reader PDF Engine CVE-2017-3025 Memory Corruption Vulnerability". It is only affecting about 10…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS Actions

    qasim siddiq
    Dear All, Can anyone please explain the IPS actions like drop, reset, disable, etc.? And can we block the detected blacklist IPs for 30 minutes, and where can I find the IPS blacklist IPs?
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • How do I know if IPS blocks a specific malware? Can I add my own rule?

    MateuszKordaszewski
    Hello all, Do you know if Sophos will protect our network from the APT10 Operation Cloud Hopper malware threat? (link points to pdf document about the malware) https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwjZs_udk9vUAhWF0RoKHbxIDqoQFggxMAI&url…
    • Answered
    • over 7 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Many IPS alerts

    FormerMember
    Good morning everybody! I have many IPS alerts, is that normal? And not all of the victims' IPs are in my network! I use the LAN_TO_WAN standard IPS policy!
    • over 7 years ago
    • Sophos Firewall
    • Discussions