• zoom application restart in firewall network. works better in non-firewall network

    Sophos User6508
    Hi all, currently I am facing an issue with the Zoom application. This happens: my XG210 firewall all of a sudden rebooted to factory default condition and then restored to the old backup, but after this incident my Zoom application reboots automatically during…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Positive Alarm?

    EDV-Support
    Hello, we are using: Sophos XG450 (SFOS 18.5.1). During the last 2 weeks we received the following security warnings on 2 different computers: Was ist passiert: Ein Computer hat schädliche Daten versandt. Das lässt darauf schließen, dass er mit…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG550 DoS settings

    LM HD OneIT
    Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4). I wanted to enable DoS protection on it, so I set up a netflow server to send all netflow data to it so I could estimate the needed packet rates. And after…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos suddenly detecting Trusteer Rapport?

    zeban sho
    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS and Flood Protection logs always empty in GUI

    Joshua Drost
    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DoS & spoof protection (What settings do you recommend?)

    Fabio Danzetta work
    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • zero-day protection Subscription module

    Fotit
    Hi all, XG Sophos: I want to know if registration for the module in question is necessary. In order to convince the top management of this functionality, I would like to know these advantages and especially the risks and disadvantages of not subscribing…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Application control blocking websites

    Kripasindhu Ghosh
    Hi, one of our customers was trying to browse "https://apex.irclass.org:82" but failed. I have allowed the FQDN and found nothing wrong in the web filtering and application control logs. When I removed the application control, start getting the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" Epic Gamestore Minimal fix?

    Paul McGinnie
    Over the last month I have occasionally been getting a flood of IPS warnings, Alert ID 7002, "Message: OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow". No mention of the source, and nothing in the IPS tab of the log viewer…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logging

    Paul McGinnie
    How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events? Every time I have an IPS problem, I get email notifications but the IPS Log Viewer tab is empty - how can I get it to populate? Regards…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • What happened to ZENDESK in the application list

    rfcat_vk
    Hi folks, zendesk was classified as unsanctioned on my XG due to one IoT device continually incorrectly calling a zendesk site. Tonight I tried to correct the classification so that the Sophos Home Premium support pages would work, but receive the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Alerts C2/Generic-A

    Guilherme Silva1
    Dear, We are facing a very strange situation regarding the very frequent alerts we are getting for C2/Generic-A. Most of these alerts have origin addresses, from DNS servers, such as 8.8.8.8 for example, but what is intriguing is what in the details…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Hotspot Shield and Betternet VPN

    Vineeth Penugonda
    Hi guys, I have been trying to block the hotspot shield and Betternet VPN. I have included them in the Applications Filter. I created a support ticket with Sophos and we were able to block the said applications by decrypting HTTPS using web proxy…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Deny logs as IP Spoof after New interface creation

    Can carmack
    Hi friends, Some kind of error logs appeared after this integration detailed below. We have added AP as a new interface like below; AP is on 192.168.11.1, all features disabled. WAN connection is on PORT#4
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall: Troubleshoot a broken application in SFOS

    LuCar Toni
    Disclaimer: This information is provided as-is for the benefit of the Community. Please contact Sophos Professional Services if you require assistance with your specific environment. Table of Contents: Overview, Invalid Traffic, Troubleshooting…
    • over 2 years ago
    • Sophos Firewall
    • Recommended Reads
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule ?

    Nabil R1
    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing a few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IPs being blocked, unable to perform cloud sync, etc., but it's not clear…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Can we talk about STUN traffic?

    Wayne Folta
    I'm noticing that when I do reports or look at live connections, I see a lot of STUN traffic. And it's a LOT of traffic, which is puzzling in that I thought STUN was merely a tool to figure out how to get a direct connection when that would otherwise…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS High CPU Usage - Snort

    MichaelBolton
    I have a cluster of XGS2300 firewalls that do not seem to offload traffic via "fastpath" as they should. Sometimes it works great, but other times it seems like it doesn't offload anything. CPU utilization sits around 40-50%. Currently the firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SOPHOS XGS Application Control blocking nordVPN

    SETdevIT
    Hi, is there any option to block NordVPN? I wasn't able to find any option in the Application Control. For most shady VPN providers, blocking options are available. We highly need to block any kind of shady VPNs, especially NordVPN! We are…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG stops routing

    Tom Sparrow
    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • google play application control Sophos XG firewall

    George hanna
    Need to block the Google Play app via application control in Sophos XG firewall, as I couldn't find it in the application filter.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Remote VPN only to Domain Computers

    Evandro Salvador
    Is there a way to prevent home users from using the VPN Client on their own devices? We would like to allow only Domain Computers or generate a certificate to restrict users' devices. Unfortunately, I don't have Sophos Central InterceptX to use Heartbeat status…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • An attempt to communicate with a botnet or command and control server has been detected.

    Chris Anthony1
    Hi Everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Enabling IPS for internal users?

    MarkThornton
    How do I enable IPS for the data coming in as a response to a client request? If I add IPS to the outbound Traffic to WAN rule will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • most of LAN<->Server communication detected as "Torrent Clients P2P"

    LHerzog
    We've replaced a SG by XGS 18.5 MR3 and there is now massive false positive detection of Torrent Client P2P traffic by application filter. Most firewall rules for internal traffic have the default Application filter applied: "Block high risk (Risk Level…
    • over 2 years ago
    • Sophos Firewall
    • Discussions