• IPS policy for site-to-site VPN

    Andre Soares
    Andre Soares
    What IPS policy should I use in the Lan to Lan rule? (vpn site to site) Thanks
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • what are the possibilities of xg home firewall with limited hardware [THREAT PROTECTION, TLS INSPECTION]

    mike bo
    mike bo
    what traffic can be handled in version 4 core, 6Gb RAM in relation to IPS/IDS
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • DNS queries for any .tk domain are blocked by IPS.

    Jeff x
    Jeff x
    I need to allow DNS lookups for a particular .tk domain. I read this old thread but " Add an Exception for wiki.tcl.tk in 'Advanced Protection >> Advanced Threat Protection " doesn't work. The DNS lookup traffic is still blocked. I'm in the same situation…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Signature Sinkhole

    Jirayu Siangsai
    Jirayu Siangsai
    Firmware version 17.0 have this signature but firmware version 18.5, 19.0, and 19.5 do not have this signature. Can anyone have firewall firmware version 19.5.1 and search in IPS policies have this signature and capture image reply me pls.. Thanks in…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • VPN, telephony and other services no longer working

    ncor
    ncor
    Hello, Following a reboot of our servers, we are no longer able to access several internal and external services (VPN, telephony, User portal) I am neither a network expert nor an advanced user of Sophos solutions, but I will gladly provide you with…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Can I disable a single Signature ID within IPS?

    AllanD
    AllanD
    We have software that goes out to a distributors website and downloads updates. Part of these updates is a batch of Word documents in .docx format that have some ActiveX controls in them that are used for automation. They cannot be removed and are a normal…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • False Positives

    FAAC Inc
    FAAC Inc
    Hello, we are having some trouble with Zoom meetings where the sound is briefly dropping at times. Sometimes we get the network quality message. I may have traced the problem to some of the meeting traffic getting flagged as Proxy and Tunnel (x-vpn…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS and SSL Inspection best practice

    Krystian Kamiński
    Krystian Kamiński
    Hello I wondering how effective can be IPS in XGS series without decrypting SSL traffic. It is worth to configure without ssl inspection when i want to protect web servers (IIS, nginx, apache)?
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Block all IPs on known Abuse list

    April Beachy
    April Beachy
    I would think this feature should be readily available, but I am unable to find a way to do this. I want to block all IPs that appear on known abuse lists from our network. We are running an XG firewall. So far the rule blocking IPs by country has…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • XG 19.5 IPS Email Alert Flood - SMTP DoS?

    Corey Carpenter
    Corey Carpenter
    My org had an event last week where a false positive IPS alert was being thrown. This caused over 1400 email alerts within 20 minutes before anyone could get to it and shut it down. When I looked at the email logs it looks like it was sending 3-4 emails…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Are there plans to include an "anti-portscan" feature in sophos XG?

    alan weir
    alan weir
    The UTM has an essential feature called "anti-portscan" that is seperate from DoS protection.Anti-portscan, if you are not aware, will detect when a source IP address is scanning the external WAN interface for open ports, and block, drop, or log the source…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. It started this morning.

    Francois Taljaard
    Francois Taljaard
    Keep on getting this notification email every 5 minutes from XGS2100 firewall. Affects only one user's computer. FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. It started this morning. Please assist. These four IP's external are listed so…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Intrusion protection alert SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt

    MikR
    MikR
    Hello, our Sophos UTM 9 ( latest firmware 9.713-19 ) started to block backups of certain systems that always worked before. 2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert…
    • over 1 year ago
    • UTM Firewall
    • General Discussion
  • Sophos Firewall: How to troubleshoot dropped packets

    taowang
    taowang
    Disclaimer : This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents Overview Log Viewer Firewall (Invalid…
    • over 1 year ago
    • Sophos Firewall
    • Recommended Reads
  • Sophos XG too many Notification IPS and Malware over Mail

    Simplified Sam
    Simplified Sam
    Hello, i am reciving many Notifications like Message: BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt Mostly i look up it has something to do with some kind of advertisement api from google or other cloud services…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Intrusion Prevention (IPS) high cpu usage - Snort

    Simplified Sam
    Simplified Sam
    Hello, in our company we got about 60-80 users. Each department got his own vlan running over one port. XGS2100 (SFOS 19.0.1 MR-1-Build365) Over the year i was setting up the sopho xg and adding all Firewall rules, like all department are in one…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • No anti updates for nearly 24 hours

    rfcat_vk
    rfcat_vk
    Hi folks, I started investigating why the XG115W was showing high CPU load, normally around 5%, but now showing over 20% for extended peraiod. I checked the ATP, Avira, Sophos AV and Sophos anti spam, All but Anti spam last updated early yesterday…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • UTM 9 - IPS tweaking?

    Andrew English
    Andrew English
    Is there any recommendations for tweak IPS on a SG125w running UTM 9 (latest version)? We have a 100Mb/sec LOS connection which drops from 100Mbps to 70Mbps with IPS enabled.
    • Answered
    • over 2 years ago
    • UTM Firewall
    • General Discussion
  • How to write custom IPS signatures for blocking applications?

    Vineeth Penugonda
    Vineeth Penugonda
    Hi guys, How to write custom IPS signatures for blocking applications? I have found a few VPNs which are not on the application control list and I would like to block them. Regards
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG Custom IPS Signatures: Proper Syntax/Capabilities/Usage Question

    Thomas Ward
    Thomas Ward
    So, while setting up IPS on the system, I want to *block* the usual badness including scanners, etc. However, I have regular vulnerability scanning done by US DHS/CISA as part of their Cyber Hygeine program, and they scan regularly. As such, using scanner…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Exchange 0-Day CVE-2022–41040 and CVE-2022–41082, how to check if rules are including the mitigation?

    EdmundSackbauer
    EdmundSackbauer
    There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March. How can I check if the mitigation is already working with Snort or IPS rules? https://gteltsc.vn/blog…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Error Message-Couldn't Update the IPS Status

    Chevyavalanche
    Chevyavalanche
    So I have IPS protection turned on as shown below: I know that the pattern is updating as shown below: So I have 2 questions. 1. Shouldn't the 'Time of signature update' change dates when IPS and Application signatures are updated? Mine doesn…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: v19.0 MR1: IPS Update Question

    BLS
    BLS
    Hi, Not sure if this is a cosmetic issue, or something that needs further investigation - the IPS signatures are being reported in one part of the GUI as being old, but yet updated in another screen. Here it's showing Aug 26th But in this…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Connections time out when IPS enabled (sporadically)

    Team S Net
    Team S Net
    We have noticed that connections are sometimes interrupted for a period of 5 minutes. It is then not possible to establish new connections (external / internal) via Sophos. This happens 1-2 times per day and always at a different time. I went through…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS updates - old issues returning

    rfcat_vk
    rfcat_vk
    Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
<>