• IPS alerts - SharePoint

    KBH
    Hello everyone, since 29.02. we have been receiving several IPS alerts daily: Alert ID: 7002 "BROWSER-IE Microsoft Edge edgehtml.dll normalize missing div child use after free attempt" When you trace the IPs, they are always Microsoft domains…
    • 9 months ago
    • Sophos Firewall
    • German Forum
  • how to defend against (D)DOS

    TobiasBundy
    Hi everyone, this is not a technical issue but a desperate call for advice. Our Sophos UTM-firewall (firmware version: 9.816-2) is suffering from a (D)DOS-attack that has been going on for several days now. Since our internet-connection only comprises of…
    • 9 months ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Sophos UTM: After Update to 9.719 IPS not working and Snort not running

    SZSZ
    After update to version 9.719 IPS not working properly anymore. Every 10 minutes snort not running - restarted messages.
    • Answered
    • 9 months ago
    • UTM Firewall
    • General Discussion
  • SSL/TLS Inspection EndPoint vs Firewall

    Ameisenbär
    Hello everyone, I have the XGS Firewall and the Endpoint with Intercept X Advanced. Both can decrypt HTTPS and do IPS. Which of the two should I use for this?
    • 9 months ago
    • Sophos Firewall
    • German Forum
  • ips.log filling up disk

    Farshid
    We have XG210 with SFOS 19.5.4. I've noticed ips.log filling up /var partition till there is no free space on disk and it causes device to boot into fail-safe mode. Stopping IPS service stops log file from growing but when I restart IPS service, this…
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Trusted MAC address CSV

    abish
    Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But to enable it for all the hosts there will be a lot of trusted MAC addresses, so adding them manually is a time-consuming process. So I came across this article…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Help with this.

    Edgar Leon
    Hi Sophos community, any solution for this issue? Message: SERVER-OTHER multiple products blacknurse ICMP denial of service attempt
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow

    Edgar Leon
    Need help with this issue in Sophos. Message: SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • Traffic processing flow (order of operations). IPS before Firewall?

    jlbrown
    Found a post from over 10 years ago, so thought I'd ask and get a more up-to-date reply! I get alerts from the IPS saying it blocked an attack. I add the IP (if it's the same one repeatedly) to Network Protection/Firewall to drop from that IP, Any service…
    • 11 months ago
    • UTM Firewall
    • General Discussion
  • Meaning of "detect" in the Log Subtype in the IPS Report Template

    Gideon Orozco
    In the Sophos Central Report Generator (IPS Report Template), there is a column for Log Subtype. We noticed that most of the values are "drop"; however, there are a few rows with values "detect". Does this mean Sophos IPS allowed this traffic? If ever…
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • IPS Log Messages: Anomaly - Removed the urgent flag and pointer in TCP header / Enforces IPS protection

    philbert
    For some time, we get the following IPS Log Messages: Example 1 2024-01-16 12:12:20 IPS messageid="06001" log_type="IDP" log_component="Anomaly" log_subtype="Detect" ips_policy="" ips_policy_id="0" fw_rule_id="140" fw_rule_name="x1" fw_rule_section…
    • Answered
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • Alert ID 7002

    Pradeep
    Hi team, I am getting this alert frequently from the firewall. Please help me to resolve this.
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS FILE-IMAGE Adobe Reader malformed app13 marker memory corruption attempt

    Louis Havenga
    Good day members. I trust you are well. Our IPS report on Sophos Central shows the following IPS report. I have traced the IP back to a Microsoft data center. I would like to know, is this a false positive, as I have scanned the computers multiple times…
    • over 1 year ago
    • Sophos Central
    • Discussions
  • Intrusion prevention alert (Critical)

    Sofos network
    Hello, I have this alert today: intrusion prevention alert, but I don't know how to check or to diagnose this
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code

    LMSIIATO
    I have many IPS reports of this type: "IPS SERVER-WEBAPP ThinkPHP 5.0.23/5.1.31 CVE-2018-20062 Remote Code " I don't understand if these attempts are effectively blocked, then in general do you have any recommendations to mitigate this vulnerability?
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • What is the benefit of IPS, Zero-Day Protection, ATP and web filtering without deep packet inspection on TLS sessions

    Dr No
    Stupid question, I know, but honestly: what is the benefit of the Xstream protection when you decide not to break TLS sessions at all (besides mail filtering)? Will someone earn any higher protection level with all these features activated without breaking…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS update appears to break fb videos.

    rfcat_vk
    Hi folks, last night (my time) the IPS update (18.21.02) appears to have broken FB videos and the login screen. If I use my hotspot the FB access works correctly. Ian
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Intercept X Advanced for Server with XDR

    Vincenzo Montoleone
    Hi. We have Intercept X Advanced for Server with XDR on Windows 2012 Server Std ( not very fresh stuff ) and Intercept X Advanced for endpoints. My Q is: if I go for a vulnerability scanning on the server with - say tools like Nessus - should I got…
    • over 1 year ago
    • Sophos Endpoint
    • Discussions
  • XG IPS false positive warnings and drops with Amazon Prime Video

    nd
    Good evening everyone, since roughly the beginning of the week I have noticed the first alerts that the IPS had triggered. Initial checks pointed to the TV and once to Junior 1's phone as the culprit; however, nothing concrete was found and…
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • Intrusion Prevention warning 93.184.221.240

    Marco Sommert
    Hello Sophos forum, I keep getting messages from my SG230 firewall with Intrusion Prevention warnings. Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle this rule…
    • over 1 year ago
    • UTM Firewall
    • German Forum
  • IPS protection is turned off

    DJ_Ken
    Hello Sophos community, since version (SFOS 19.5.3 MR-3-Build652) IPS protection has been turned off. IPS protection is included in my license. Does anyone have an idea what could be causing this? Best regards, DJ_Ken
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • German Forum
  • SNORT using a lot of CPU

    Mateusz Bender
    Our old Sophos UTM is definitely a bit on the "too small" side by now, but still, we're trying to get things running for at least an extra year or so. Right now we occasionally have issues with the UTM CPU usage going up to 100%, to the point where the…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Ips not working on home edition

    Tahira Ahmed
    Hi all, I'm using Sophos Home Edition. For four weeks I've been struggling to make IPS work, but no luck. My hardware is an Intel i7 8700 CPU, 8 GB RAM with an Intel i350 NIC, firmware 19.5.3mr. Any help will be appreciated. Thanks
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Web Exploit Protection

    Mark Sludgebuster
    Does Exploit Protection work out of the box? Now I find 'Detect and prevent exploits (IPS)'. lantoWan- general policy, which I've enabled. Is that the full extent of it, and a feature that works under the hood? Is there any solid information in XG, and…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS rule LAN-LAN

    Luc_GLLM
    Hi everyone, I have two firewalls connected by a dark fiber on a SFP port, the two main LAN networks are 192.168.1.0/24(FW1) and 192.168.0.0/24(FW2). In both firewalls there is a rule to allow all traffic between the two subnets, so the source and destination…
    • over 1 year ago
    • Sophos Firewall
    • Discussions