• XG IPS rule dropping Windows 10 Upgrade assistant packets

    PGP
    Hi Guys, I'm trying to update couple of windows 7 pro machines to Windows 10 using windows 10 upgrade assistance. However the traffic being dropped by IPS rule LAN--> WAN. Below is what I see in logs. Time - 2017-05-09 09:53:01 Log Comp - Anomaly…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • XG Best Practice, Firewall, IPS, VPN etc.

    AnthonyChallis
    Hi All, We have a new XG + Sophos central/interceptX. I have the firewall setup with a copy of LAN-WAN IPS with all but windows clients/servers removed, SSL decrypt+scan and yellow or above heartbeat policy setup. Is this how we should go or does…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS Blocking Ebay Signin

    M8ey
    Hi all, I am new to XG so please be nice :-) Running XG230 with SFOS 16.05.2 MR-2 and IPS Signatures 3.13.35 I have this wee issue that when a user tries to login to eBay they basically time out. Getting to eBay is fine but when they add a user…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS - Some signature are false positive

    lferrara
    Hi There, after some days, I would like to share some strange things with XG IPS module. See the screenshot: I have MAC at home so the first 2 signature cannot be applied. First Signature CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Exclude the traffic coming from specific website from IPS check

    Atsushi Shogo
    Hello, I installed XG Firewall Home Edition last month and I'm enjoy studying it now. I have a question about the exception for IPS. Is there any way to exclude the traffic between a specific website and LAN from IPS check? I don't want to remove the…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • SIP error due to MultiTech SIP UDP Overflow

    Tuna Sakar
    Hi, I'm new in Sophos, we decided to use SIP in our company but the Firewall rejects it. When I checked the logs I saw below errors. Would appreciate if you can help. Log: 2017-01-09 00:35:47 Signatures Drop - …
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • SFOS 16.0.1.2 can't get the IPS running... (Dead, tried the previous thread)

    ReinoutNL
    i've installed a vanilla Sophos engine and configured it to publish a bunch of services like exchange, RDG, etc. Now i was looking at my services after i got this up and running but i see now that the IPS engine is dead.... From the community i followed…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • List of IPS rules, their description and understand if a patch or misconfiguration is in place

    lferrara
    UTM9 used to have a html page like this one: https://lists.astaro.com/ASGV9-IPS-rules-2970.html not reachable anymore where filtering per rule id, we were able to find signature details, CVE and other additional information in order to help administrators…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • IPS throughput

    gimmy Hsueh
    I bought a XG125 this year , and have a spec question. XG125 has high performance numbers as below : Throughput 5,000 Mbps IPS 1,000 Mbps Concurrent connections 6,200,000 New connections/sec 35,000 I read the datasheet of XG125 , cannot find the testing…
    • Answered
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Increase in traffic dropped under TCP Flood after upgrade to V16.01.2

    Ishwarsingh
    There is a sudden increase in traffic dropped under TCP Flood after upgrade to V16.01.2 (XG-135). Below screenshot for ref. Please suggest a solution for this issue. Earlier V16 & V15 didn't use to show such huge numbers under traffic dropped.
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • IPS and Application

    lenyick
    I have noticed that the IPS and Application seem to not be working; there is nothing listed in the logs of IPS and Application for the past week, no activity. I have tried nmap to try and trigger the rules of the ids and tried some of the applications…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • IPS problem with Adobe Reader downloading PDFs from Webserver

    UliKell
    Hello NG, We are using a Sophos SF SW/Virtual TotalProtect. For some days we have some problems with downloading PDF using Adobe Acrobat Reader. (Foxit Reader works fine) In the IPS section we had "critical" and major "selected". The downloads are…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Can't select all IPS signatures

    ce_Sophos
    Please check the attached screenshots. It's related to a bug/drawback in Sophos. Go to IPS Policies > Select a policy and click Add Try to search for "Malware" You will get "1807" results and you want to select all of them If you click the name…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Identifying IPS signatures being hit

    MattLinzbach
    Here are some logs of IPS signatures being blocked or detected. I'd like to allow them. How is one supposed to find which signature is actually being tripped? Date / Time Signatures Drop username LocalIP :TCP(54850) RemoteIP :TCP(8080) 20 Date / Time…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • How i can disable IDS for ICMP

    MarcoScholl
    Hi how can i disable the following entries in attacksreport? ICMP Ping ICMP Echo Reply ICMP Destination Unreachable Host Unreachable Why anybody by sophos mean this is an attack?
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • IPS Signature Block the Legitimate Traffic of Websites

    KamalPatel
    Hi, Anybody Facing the Issue after 6th May 2016 IPS definitions upgraded from 3.12.71 to 3.12.72. we are not able to open banking websites also other government website which contains login page. if you have workaround, please share us as soon as…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • RE: How to disable snort_decoder rules?

    DavidWilliams1
    Uh, the problem seems to have fixed itself. All the erroneous "IPv4 broadcast" packet drops have stopped. It seems to coincide with the outside interface (I'm in bridge mode) bouncing because the upstream router was restarted. The last bad message…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • RE: How to disable snort_decoder rules?

    Emanuele Minardi
    Hi... same problem here... as a side effect, my virtual machines running on my macbook (VMWare Fusion or VirtualBox) can not obtain ip address via DHCP if they have nic bridged to airport wifi... ((--)) = wifi <--> = cable guest vm nic in bridge…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • How to disable snort_decoder rules?

    DavidWilliams1
    How do you disable snort_decoder rules? Like this: They don't show up in the Signature lists. I know how to disable Individual Signatures, but the decoder don't show up. I've even disabled the entire Misc category and it does not disable these…
    • Answered
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Why ICMP traffic originated by the appliance is logged in IPS?

    ClerpremSpa
    The IPS continuously logs the detection of an ICMP ('host unreachable') whose source is the firewall itself, marking it as reconnaissance attack. The ICMP is originated because of a host in one zone that tries to contact a switched-off host in another…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Why does IPS prevent outgoing RDP and SSH connections?

    oxident
    Hi! I'm trying to figure out why XG installation refuses LAN clients to make RDP or SSH connection to WAN servers. Whenever I try such a connection, the packet sniffer first logs a correct connection request (dest. port 3389, for example) originating…
    • Answered
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • RE: Edit/Delete Default IPS Rules - Feature Request

    BrianCarp
    I think you should alternatively consider storing the non-modifiable built-in rules as templates rather than non-modifiable rules, and that way they can be stored (taking up the minimal-bloat megabytes of space) and be available as baselines to admins…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Guidelines for using Pre-defined IPS policies

    BrianCarp
    I'm wondering how the modifiable IPS policies relate to the non-modifiable policies and what the recommendations are for using them. The first six seem clear enough (DMZ TO LAN, LAN TO WAN, etc.), assuming you have these standard zones set up, and I assume…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • RE: XG Firewall Maintenance Release MR-1.1

    harim-park-legacy
    Too high CPU load in IPS configuration. 99.9% in XG85.
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Roku triggering IPS rule 1100016 LOIC DoS Tool (TCP Traffic) threshold

    jetcopter
    I think this is a false positive as the number of 'attacks' are pretty low and it is going to two AWS ip addresses. How do I determine if this really is a false positive and fix this? Thanks!
    • over 8 years ago
    • Sophos Firewall
    • Discussions