We are in the final stages of preparing an update to the IPS engine used by SG UTM. We are upgrading to version 2.9.17 of Snort and are offering early access to the new release for customers who would like to try it out immediately.
Updates to the Snort…
Hi Community.
I did a hardware refresh of a SG125.
Created a backup on my "old" appliance, started the new one, updated to the latest version and imported the backup.
After some time the connection to the internet got lost (could not resolve DNS…
Just deployed a few UTM units at the customer site. They are all set up identically. One of the units is having trouble enabling IPS. When IPS is disabled, everything works fine. However, as soon as I enable the IPS, the internal networks lose internet…
In the last 2 days we received several ATP Mail alerts from the UTM.
The hostname / IP shown in the mail is not listed in the ATP log, but I can see the IP of the host on the ATP Dashboard (Advanced Protection Statistics) in WebAdmin.
There is no exception…
Hi folks!
We have a site-to-site VPN via IPSec between an SG210 (600/40MBit) and an SG105 (70/25MBit) (both 9.705-3).
If I enable IPS UDP Flood Protection, (SMB) traffic through the tunnel drops to about 270 kB/s; if disabled it's about a good 3,5 / 2…
Hello,
Recently we have been seeing huge amounts of UDP flood detections and drops during Zoom meetings, since 28.09.2020.
Port is UDP 8801.
I created exceptions for all the 100+ networks of zoom.
Still seeing some drops here for IPs not listed in the…
Since the installation of u2d-aptp-9.36793 on 2020:09:09 our ATP module is showing almost daily attacks but from external IPs only.
ATP should only show internal IPs. The destination IP in all cases was a DNS Server of ours in the DMZ.
2020:09:09…
Hi,
I am trying to run speedtests via speedtest_cli on one of my boxes to regularly check the actually available speed my ISP provides.
Now the download speed is limited by my Sophos UTM box (9.510-4) by Snort going to 100%. If I turn off IPS I…
Every once in a while I get a hit in Advanced Threat Protection for C2/Zbot-A. Those are single hits, with pretty benign destinations (usually targeting one of the DNS servers used by our infrastructure). The first time it happened I scanned the specific…
So, I inherited the current UTM 9 config and have been working on updating the definitions (some were out of date, some were no longer needed, etc). I found a large group called "Google Server Group" with the following entries:
accounts.google.com apps…
Hello together!
When I want to download apps from the Windows 10 Store, only a few MB are downloaded and then the download stops...
In the IPS log I always found "MALWARE-OTHER Executable control panel file download request" (SID=33942). This event…
We recently discovered that our UTM was blocking packets that we needed for VoIP.
RTP packets were being discarded because IPS detected a UDP Flood Attack. The issue was difficult to find because the UTM was only discarding a relatively small number…
Hi guys, I keep getting the following alert and just wondered if it was anything to worry about / look further into:
Intrusion Prevention Alert
An intrusion has been detected. The packet has been dropped automatically.
You can toggle this rule…
Hi there, I've spent a little time testing the IPS offloading or load balancing behaviors while in a High Availability Cluster setup (Active/Active). I've set up two VMs on an ESXi 6.5 physical host. The VMs have all the same networks, NICs, RAM, disks and…
Hello,
Just curious, I received a warning from my firewall that it detected the C2/Zbot-A C&C virus from an IP that points to my iPhone 7 (it is NOT hacked, and is on fully patched iOS).
The only thing in my IPS log is:
"2017:09:07-05:48:08 gateway…
Hi all, I really need some straight talk to see if what I want is even possible. We currently have a 10Gb WAN connection to our home, and I'm currently utilizing a MikroTik RouterBoard with ACLs for marginal security. I'm not comfortable with that level…
I'm having multiple UTMs reporting a C2/Generic-A from IP address: 45.33.9.234. I have scanned every server/PC that is reporting on and there is never anything there. I believe this is a false positive and I cannot get Sophos to help me out on this one…
My dashboard regularly shows botnet/command and control traffic detected. It is always BYOD hosts that cause it to trip. I understand protocol is to take these devices offline and scan them for viruses, but I would really like to know if there is anything…
Hi,
Today I've got many IPS alerts with the source IP of the UTM's LAN and WAN ports.
Is this normal?
Regards Meghan
P.S. The address No.1 in Screenshot 1 is the LAN IP of UTM and address No.2 is the WAN IP of UTM
Hello all,
Do you know if Sophos will protect our network from the APT10 Operation Cloud Hopper malware threat? (link points to a PDF document about the malware) https://www.google.co.uk/url?sa=t&rct=j&q=&esrc=s&source=web&cd=3&cad=rja&uact=8&ved=0ahUKEwjZs_udk9vUAhWF0RoKHbxIDqoQFggxMAI&url…
We recently got Verizon FIOS gigabit in our area, so we decided to make the jump. We had 150/150 previously with no throughput problems whatsoever.
Since upgrading to gigabit, however, speeds through the UTM with IPS enabled are capping out at 240Mbit…
When visiting nfl.com/draft/2017 and clicking on the Tracker tab packets are being blocked and I receive alerts like the following.
Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle…
Hi all,
Can someone look at the log and let me know if this is a false positive? What makes me think so: 192.168.2.38 is an iPhone, 10.16.3.160 and 10.16.4.22 are both MacBook Pros, 192.168.2.8 is Ubuntu, so none of the devices is actually Windows based?…