I need to allow DNS lookups for a particular .tk domain.
I read this old thread but "Add an Exception for wiki.tcl.tk in 'Advanced Protection >> Advanced Threat Protection'" doesn't work. The DNS lookup traffic is still blocked.
I'm in the same situation…
Firmware version 17.0 has this signature, but firmware versions 18.5, 19.0, and 19.5 do not have this signature. Can anyone who has firewall firmware version 19.5.1 search the IPS policies for this signature and reply to me with a captured image, please?
Thanks in…
Hello,
Following a reboot of our servers, we are no longer able to access several internal and external services (VPN, telephony, User portal)
I am neither a network expert nor an advanced user of Sophos solutions, but I will gladly provide you with…
We have software that goes out to a distributor's website and downloads updates. Part of these updates is a batch of Word documents in .docx format that have some ActiveX controls in them that are used for automation. They cannot be removed and are a normal…
Hello, we are having some trouble with Zoom meetings where the sound is briefly dropping at times. Sometimes we get the network quality message.
I may have traced the problem to some of the meeting traffic getting flagged as Proxy and Tunnel (x-vpn…
Hello
I am wondering how effective IPS can be in the XGS series without decrypting SSL traffic. Is it worth configuring without SSL inspection when I want to protect web servers (IIS, nginx, apache)?
I would think this feature should be readily available, but I am unable to find a way to do this.
I want to block all IPs that appear on known abuse lists from our network. We are running an XG firewall. So far the rule blocking IPs by country has…
My org had an event last week where a false positive IPS alert was being thrown. This caused over 1400 email alerts within 20 minutes before anyone could get to it and shut it down. When I looked at the email logs it looks like it was sending 3-4 emails…
The UTM has an essential feature called "anti-portscan" that is separate from DoS protection. Anti-portscan, if you are not aware, will detect when a source IP address is scanning the external WAN interface for open ports, and block, drop, or log the source…
Keep on getting this notification email every 5 minutes from XGS2100 firewall. Affects only one user's computer. FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. It started this morning. Please assist. These four IP's external are listed so…
Hello,
Our Sophos UTM 9 (latest firmware 9.713-19) started to block backups of certain systems that always worked before.
2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert…
Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment.
Table of Contents
Overview
Log Viewer
Firewall (Invalid…
Hello,
I am receiving many notifications like
Message: BROWSER-IE Microsoft Internet Explorer XSS filter bypass attempt
Mostly when I look it up, it has something to do with some kind of advertisement API from Google or other cloud services…
Hello,
In our company we have about 60-80 users. Each department has its own VLAN running over one port.
XGS2100 (SFOS 19.0.1 MR-1-Build365)
Over the year I was setting up the Sophos XG and adding all firewall rules, like all departments are in one…
Hi folks,
I started investigating why the XG115W was showing high CPU load, normally around 5%, but now showing over 20% for an extended period.
I checked the ATP, Avira, Sophos AV and Sophos anti spam, All but Anti spam last updated early yesterday…
Are there any recommendations for tweaking IPS on an SG125w running UTM 9 (latest version)? We have a 100Mb/sec LOS connection which drops from 100Mbps to 70Mbps with IPS enabled.
Hi guys,
How to write custom IPS signatures for blocking applications? I have found a few VPNs which are not on the application control list and I would like to block them.
Regards
So, while setting up IPS on the system, I want to *block* the usual badness including scanners, etc.
However, I have regular vulnerability scanning done by US DHS/CISA as part of their Cyber Hygiene program, and they scan regularly. As such, using scanner…
There is a critical 0-Day exploit for Exchange already being exploited, which is pretty much the same as the "ProxyShell" vulnerability in March.
How can I check if the mitigation is already working with Snort or IPS rules?
https://gteltsc.vn/blog…
So I have IPS protection turned on as shown below:
I know that the pattern is updating as shown below:
So I have 2 questions.
1. Shouldn't the 'Time of signature update' change dates when IPS and Application signatures are updated? Mine doesn…
Hi,
Not sure if this is a cosmetic issue, or something that needs further investigation - the IPS signatures are being reported in one part of the GUI as being old, but yet updated in another screen.
Here it's showing Aug 26th
But in this…
We have noticed that connections are sometimes interrupted for a period of 5 minutes. It is then not possible to establish new connections (external / internal) via Sophos.
This happens 1-2 times per day and always at a different time.
I went through…
Hi folks,
Over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports.
Manual proxy surfing and thunder VPN.
Why are these previously resolved issues appearing, does…