I am getting alerts like this by mail:
Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx
Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention.
The one happens several times a day.
SCAN Zgrab Scanning…
Having received a warning from Sophos regarding CVE-2022-22963, we were advised to check that IPS rule 2306989 is added to our policy.
Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc.
…
I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955.
Intercept X is deployed throughout the network…
I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server, and the threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
Hello,
After reading the following article at Ars Technica (https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
Hi,
I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes...
I attached the last test I did.
Maybe I'm missing some configuration?
thank yo…
Found a conversation here about the same problem 6 months ago, but I can't find a solution.
My firewall is reporting a lot of Torrent P2P users in my network and blocks the application.
At the same time, users report that they can't read mail on iPhone…
Hello, I noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting.
Thanks!
Hi - I am getting a flood of:
===========================================================
Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX
Device Information: Hostname: sophos.mylocal.network…
Looking to mitigate potential attackers in an efficient way. I get a weekly report that I review, and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it.
I'm assuming the answer is…
Hello everybody. I have an XGS 116 and out of curiosity I ran a port scan on my external IP. Port 8443/tcp was found to be open. Is this the port we use for SSL VPN? Is it safe?
Thanks
So I attempted to get the application control working based on this article: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/120242/sophos-xg-firewall-how-to-create-an-exception-in-application-filter but I could not get this to work…
Checking if anyone had any IPS issues today?
The box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this.
System load got as high as 32 at one stage and I had to reload the box.
Could barely get into the web ui…
Dear All
Hi
I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18?
date…
Hi guys,
I have been trying to block hotspot shield and Betternet VPN. I have included them in the Applications Filter.
I have also changed the settings according to this guide:
https://community.sophos.com/sophos-xg-firewall/f/recommended-reads…
I have implemented Sophos XG on an old computer. I am very happy with it so far. But I was wondering if it could address an annoying challenge that I am facing these days. I have a 5yo child who plays games on an android device, and those games are bombarded…
Hello Community,
From time to time we have some false positives on ATP. If I check the URL with VirusTotal, Sophos is often the only vendor that marks the URL as "Malicious". An example is this URL: https://coronalevel.com/Germany
If I check the…
I just upgraded from 17.5 to 18.5 MR1, but the log viewer doesn't show any logs for IPS.
The IPS system service is on. Also, in firewall rules the default IPS policies (LAN to WAN) are applied.
In v17.5, logs would show for IPS.
What could be the problem…
We found all the *.idv.tw domains were blocked by ATP with XG.
I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know about the issue.
Shunze
Hello - I was told by support recently that even if I had no IPS policies assigned to my rules, some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…