• IPS updates - old issues returning

    rfcat_vk
    Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Endpoint Protection and VPN Connection

    Oliver Kühnast
    Hello, I use an IPSecVPN / SSL VPN connection in conjunction with Sophos Endpoint Protection on the end devices in a company with around 200 employees. Unfortunately, our laptops have an extremely poor / slow connection as soon as endpoint protection…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • sophos xg125 firewall snort using high percentage of memory

    jack martinelli
    I turned off IPS but as the screenshot shows there are 3 snort services that each one uses 10% of memory so even in my network there is just 30 users, the memory usage is higher than 70% what should we do to lower the usage of snort services?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS service has stopped and will not restart.

    rfcat_vk
    Hi folks, v19.0.1 MR-1 IPS service has stopped and will not restart, the error message is the process is taking too long. There are no entries in the Logviewer -> system log indicating any issues. Next step please. Update :- after two attempts…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • VPN SLOW - Intrusion Prevention DOS - UDP flood

    AstaroNBack
    The following article fixed the issue. - EXCELLENT https://community.sophos.com/sophos-xg-firewall/f/discussions/129676/sophos-firewall---extremely-poor-bandwidth-when-dos-enabled/483292?focus=true Unfortunately a Sophos engineer helping us was unaware…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS and Flood Protection logs always empty in GUI

    Joshua Drost
    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS, the firewall, RED networks, and bypassing for MSFT IPs.

    WABGOR_DAVE
    Hello all, May be a silly question, however, in the IPS service: Do we need to include the RED networks for remote offices as well? Similarly, do they (RED networks) need to be listed in the Firewall rule for Teams and the like: Finally, besides…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS stopped to work - file too short

    Daniel Huhardeaux
    Hi, yesterday (Sunday) at 3 am SNORT stopped working with the result that internal nets couldn't reach Internet anymore. In the logs I found FATAL ERROR: Failed to load /usr/lib/snort/so_rules//file-java.so: /usr/lib/snort/so_rules//file-java.so:…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS Problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" Epic Gamestore Minimal fix?

    Paul McGinnie
    Over the last month I have occasionally been getting a flood of IPS warnings Alert ID 7002 " Message: OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" No mention of the source, and nothing in the IPS tab of the log viewer…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logging

    Paul McGinnie
    How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events. Every time I have an IPS problem, I get email notifications but the IPS Log Viewer tab is empty - how can I get it to populate? Regards…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule ?

    Nabil R1
    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IP being blocked, unable to perform cloud sync, etc. but it's not clear…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG210 - IPS - "FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt"

    DeComp
    Good evening, for some time now we have been having problems with suspicious IPS alerts. Unfortunately, we are unable to trace the cause of the alert. 2022-06-08 15:07:21IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype…
    • over 2 years ago
    • UTM Firewall
    • German Forum
  • V19 or V18.5 : Attack DoS - Soluce ?

    CyrilleM
    Dear, currently my firewall has a DoS attack. How to stop this attack and eliminate the source IP address of this attack. I have an XG230 in version 19 (and I can also come back in 18.5.3) Thanks a lot
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG stops routing

    Tom Sparrow
    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Enabling IPS for internal users?

    MarkThornton
    How do I enable IPS for the data coming in as a response to client request? If I add IPS to the outbound Traffic to WAN rule will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Alarm SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt

    Alphavil8200
    Hello everyone, I have the same IPS alert on each of 2 different SGs (9.711): SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt The description of SID 1-59640 only says "This rule detects a crafted Kerberos…
    • over 2 years ago
    • UTM Firewall
    • German Forum
  • IPS Alerts which I cannot get rid of

    EdmundSackbauer
    I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Understanding IPS Alerts

    Melissa Ferguson
    I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to View IPS Rule IDs included in Default IPS Rules?

    ptho
    Having received a warning from Sophos regarding For CVE-2022-22963 we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    Mizan Mizan
    I need help with the following ips log FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt Thanks Mizan
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos AV

    shini uzumi
    Has anyone experienced the Network Threat Protection service seemingly will stop and restart at will across multiple machines? There are a couple devices that it doesn't restart automatically on https://100001.onl/ https://1921681254.mx/ but the alerts…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • A quick fix when Sophos endpoint blocks LAN and WAN connections due to service failure

    Sarbrinder Gill
    Hello All, What is a quick fix when Sophos Endpoint service fails to start and the endpoint is blocked on LAN and WAN due to security heartbeat? This happens on random PCs especially when the software is updated. How to start the service. …
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • Sophos XG block telegram but i don't want

    Sophos User5753
    Hi, I don't understand why Sophos XG mark telegram as DDOS attack.. I have disabled DDOS protection, tried to disable IPS etc from Firewall rule but nothing change... I attached last test I did maybe I'm losing some configuration? thank yo…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Snort - no such file or directory

    Rune Gaarde
    Just installed Sophos UTM 9.707-5 in esxi vmware. When starting Intrusion Prevention I see in the console: /usr/bin/chroot: failed to run command '/sbin/snort' no such file or directory I have ssh'd in to the utm and checked, snort can't be found…
    • over 2 years ago
    • UTM Firewall
    • General Discussion
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do i do now?

    Paul McGinnie
    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions