  • IPS Alerts which I cannot get rid of

    EdmundSackbauer
    I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Understanding IPS Alerts

    Melissa Ferguson
    I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to View IPS Rule IDs included in Default IPS Rules?

    ptho
    Having received a warning from Sophos regarding CVE-2022-22963, we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • An attempt to communicate with a botnet or command and control server has been detected.

    MJ_P1
    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection research

    William Capeless
    I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG as DDoS amplification server

    J_87586
    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    Mizan Mizan
    I need help with the following ips log FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt Thanks Mizan
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG block telegram but i don't want

    Sophos User5753
    Hi, I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection, tried to disable IPS etc. from the firewall rule, but nothing changes. I attached the last test I did; maybe I'm losing some configuration? thank yo…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Apple iCloud IMAP blocked as it was Torrent P2P

    Sophos User218
    Found a conversation here about the same problem 6 month ago, but I can't read a solution. My firewall is reporting a lot of Torrent P2P users in my network and block the application. In the same time users reports that they can't read mail on iPhone…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Rejecting VPNs programs

    Eduardo Noubleau
    Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting. Thanks!
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do i do now?

    Paul McGinnie
    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Auto-Block an ip that trigger IPS ?

    MattBowles
    Looking to mitigate potential attackers in an efficient way. I get a report weekly that I review, and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PortScan - Port 8443/tcp was found to be open

    Andre Soares
    Hello everybody. I have an XGS 116 and out of curiosity I ran a port scan on my external IP. Port 8443/tcp was found to be open. Is this the port we use for VPN-SSL? Is it safe? Thanks
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Cannot seem to get Application Filter Firewall rule to work correctly

    AllanD
    So I attempted to get the application control working based on this article: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/120242/sophos-xg-firewall-how-to-create-an-exception-in-application-filter but I could not get this to work…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Service Issue 2022/01/25 - (SFOS 18.0.5 MR-5-Build586)

    djdrastic
    Checking if anyone had any IPS issues today? Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this. System load got as high as 32 at a stage and had to reload box. Could barely get into the web UI…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to block all vpns

    Bob Dabuilder
    Just found out that the fire vpn chrome extension, just bypassed my expensive firewall. Looking for suggestions?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS2100 (SFOS 18.5.1 MR-1-Build326) the internet is so slow

    Karim
    Dear All Hi I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sky Now app not working on Sophos XG

    GodAtum
    According to the logs it's being blocked 2022-01-20 20:19:34 Invalid Traffic Denied N/A 0 192.168.1.181 54.239.35.235 54058 443 …
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XFRM1 Traffic classified as Torrent Clients P2P

    CyberEagle
    The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18? date…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Hotspot Shield and Betternet VPN

    Vineeth Penugonda
    Hi guys, I have been trying to block hotspot shield and Betternet VPN. I have included them in the Applications Filter. I have also changed the settings according to this guide: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Block Android Games from Accessing Internet.

    Salman T
    I have implemented Sophos XG on an old computer. I am very happy with it so far. But I was wondering if it could address an annoying challenge that I am facing these days. I have a 5yo child who plays games on an android device, and those games are bombarded…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ATP false positive?

    Ben@Network
    Hello Community, from time to time we have some false positives on APT. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany If I check the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logs Missing

    tom greene
    I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS. IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied. In v17.5 logs would show for IPS. What could be the problem…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ATP block all *.idv.tw FQDN query!?

    Shunze Lee
    We found all the *.idv.tw domains were blocked by ATP with XG. I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know the issue? Shunze
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos IPS still applies certain critical rules without policy assigned

    Sophos User2134
    Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…
    • over 3 years ago
    • Sophos Firewall
    • Discussions