• Sophos IPS no longer relevant for integrity status

    LHerzog
    The Sophos EP installation on a computer of a colleague screwed up yesterday. It was red in Central and had no Heartbeat. The endpoint showed a log I've just seen for the first time. The English translation is like "Sophos IPS no longer…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • IPS Service Issue 2022/01/25 - (SFOS 18.0.5 MR-5-Build586)

    djdrastic
    Checking if anyone had any IPS issues today? Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this. System load got as high as 32 at a stage and had to reload box. Could barely get into the web ui…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS2100 (SFOS 18.5.1 MR-1-Build326) the internet is so slow

    Karim
    Dear All, Hi, I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Network interruptions: Installing Sophos updates component NTP64, MCS Client, SAU

    LHerzog
    Hi, some colleagues reported network / soft-phone interruptions during the last days. Today I picked one computer and found a lost heartbeat at 14:42 - the time where his phone call was interrupted. I found out that SED64 and NTP64 had been updated…
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • IPS Exclusions Adding a port range

    Richard Hamblin
    Hi All, Anyone know if it's possible to add port ranges in the IPS Exclusions setting of a server policy for endpoint protection? I need to add a range of 100 ports. Thanks
    • over 2 years ago
    • Sophos Endpoint
    • Discussions
  • IPS Logs Missing

    tom greene
    I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS. IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied. In v17.5 logs would show for IPS. What could be the problem…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ATP Alarm C2/Generic-A Blocked DNS Requests (Forwarded from SOPHOS)

    uhrzeit
    Hi, the SOPHOS UTM Firewall of one of our Clients sporadically reports an ATP-Threat (Botnet/command-and-control traffic) that has been blocked. The "infected" Hosts are always the two Domain Controllers / DNS Servers within the network. User…
    • over 2 years ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting
  • IPS exceptions for an external vulnerability scan on Sophos XG

    Marcel Jordan
    Hello everyone, I am currently trying to find the right settings on a Sophos XG in order to run a planned vulnerability scan against the external IP address of the firewall. To get correct results, the tests…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Information Required for Apply IPS Policy for Different Rules In XG Firewall

    Emam Hossain
    Greetings Sophos Community, I am using Sophos XG Firewall 125. I have different inbound and outbound rules. On different zones like WIFI to WAN, LAN to WAN (I have applied General IPS Policy) I need a suggestion: is this policy type suitable for my zones…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Home throttling bandwidth

    Robert Molina
    XG Home firewall is throttling my bandwidth. I was able to get ~900MB download on a speed test from my computer through the ISP modem (connected directly). When I was connected through my home router (wired) without the XG home firewall in the network…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • All IPS Signature release notes are incorrect.

    splarksop
    I thought it was weird that Sophos was rating the Log4j vulnerability as the lowest severity, when everyone else in the world considers it a high risk. But it appears that Sophos has just always got their documentation wrong. Looking at all the IPS…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos IPS still applies certain critical rules without policy assigned

    Sophos User2134
    Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS listing on SUM

    Bulutistan-Network
    How can I filter the firewalls that the IPS is not active on SUM? I need to make a list for the firewalls that IPS is not ON.
    • over 2 years ago
    • UTM Firewall
    • SUM: Sophos UTM Manager App
  • Slow VPN access

    SophosUser456
    Hi all! We are using SSL VPN and facing severe performance issues all the time. When using RDP, the desktop sometimes freezes and copying files to and from the remote desktop takes very long (about 1MB/s, the connections are capable of 10MB/s (home…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • alerts keep scaling

    Taoufik MOURTADI
    Does anybody know what the cause of this alert is? Also I want to stop it from its source?
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • SG310 UTM - SID 20842 - Suddenly getting regular intrusion prevention alerts from various source IPs to Windows 10 hosts

    Jonathan Elliott
    First alert we had from rule SID 20842 was on 23 Nov at 17:39 GMT. Since then have had 230 alerts to around 50 different Windows 10 hosts, all this rule, 29 different IP source addresses, all source port 80, various destination ports. Looking up the…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • [SOLVED] IPS blocks all network traffic

    Tymoteusz Partyka
    Apparently there was a problem with Snort package update. Since yesterday around 18:00 I had connectivity problems from local networks behind 2 different UTMs. The logs show the following: up2date.log 2021:11:23-18:05:13 FW01 auisys[21582]: Install…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • General Discussion
  • IPS against Skype for Business (on prem at customer site)

    StephanG
    Hi everyone, we are having issues with the customer's Skype for Business (still on prem) because of IPS. After a while the voice stops and our users at the office (it is working from home or data plan) cannot voip anymore. The IPS log shows the IP…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Intrusion Prevention Alert - The packet has *not* been dropped

    Tagin
    Ok, so how specifically do I ' set the corresponding intrusion protection rule to "drop" in WebAdmin ' per the alert email below I received? There is no 'rule' identified in the alert. Am I supposed to infer that 58442 in the snort link is the rule…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Disable system service from starting up after boot

    MOhamed Mostafa8
    I want to disable the IPS service as I am not using it, so I am manually stopping it every time I reboot Sophos XG. So how can I disable it from startup after reboot? Thanks
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XGS116 IPS causes severe delay when opening websites

    Daniel Klose
    We are currently deploying an XGS116 running FW SFOS 18.5.1 MR-1-Build326. We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • V18.5: Custom IPS Pattern cannot be added

    Guenter
    Hi there, I'm trying to add a custom IPS Pattern which does not work as described here: Add a custom IPS signature (sophos.com) The online documentation does not say anything about >> ; <<. Can someone share a working custom IPS pattern example…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • How to tell if WAF config is working?

    Omar Murad
    I have gone through the steps in the documentation for configuring WAF and the rule's traffic count increases accordingly when the web server is accessed. However, I can't seem to be able to verify that it is actually being protected. Almost all protection…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • XG reboot and change in HA Status

    Ste
    Dear Community, I've a customer with an HA pair of XG135 with SFOS 18.0.5 MR-5-Build586. They are facing random reboots of the appliance that force a change of HA status. During this reboot they have 5/10 minutes of disconnection. I've opened a Sophos case…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Antivirus and IPS Engine service stopped in XG 210 firewall

    Lalitkumar Rajput
    Hi, I have a Sophos XG 210. It was working fine but it recently started to behave strangely. The antivirus and IPS engine service stops; when I restart it, it stops again and keeps doing that. I have just updated firmware from SFOS 18.0.5 MR-5-Build586 to…
    • over 3 years ago
    • Sophos Firewall
    • Discussions