• Confusing speed tests with IPS & various VPN protocols

    SalishSwede
    This topic has been covered before a few times but I was hoping to get some help wrapping my head around what I'm seeing. I tested 5 VPN configurations both with and without IPS turned on. As previously documented IPS kills basic throughput (without…
    • 6 months ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS is slowing down internet speed and causing Packet-loss on WAN interface

    SwenBross
    Hello Community, We have a UTM SG430 and 1GBit/s internet connection. Now I have noticed that IPS a. prevents the line from being fully utilized. b. Long response times (100ms-500ms) and even packet loss occur when the WAN interface is heavily utilized…
    • 8 months ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • how to defend against (D)DOS

    TobiasBundy
    Hi everyone, this is not a technical issue but a desperate call for advice. Our Sophos UTM-firewall (firmware version: 9.816-2) is suffering from a (D)DOS-attack that is going on for several days now. Since our internet-connection only comprises of…
    • 9 months ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Sophos UTM: After Update to 9.719 IPS not working and Snort not running

    SZSZ
    After update to version 9.719 IPS not working properly anymore. Every 10 minutes snort not running - restarted messages.
    • Answered
    • 9 months ago
    • UTM Firewall
    • General Discussion
  • Traffic processing flow (order of operations). IPS before Firewall?

    jlbrown
    Found a post from over 10 years ago, so thought I'd ask and get a more up-to-date reply! I get alerts from the IPS saying it blocked an attack. I add the IP (if it's the same one repeatedly) to Network Protection/Firewall to drop from that IP, Any service…
    • 11 months ago
    • UTM Firewall
    • General Discussion
  • Intrusion Prevention warning 93.184.221.240

    Marco Sommert
    Hello Sophos forum, I keep getting messages from my SG230 firewall with Intrusion Prevention warnings. Intrusion Prevention Alert An intrusion has been detected. The packet has been dropped automatically. You can toggle this rule…
    • over 1 year ago
    • UTM Firewall
    • German Forum
  • SNORT using a lot of CPU

    Mateusz Bender
    Our old Sophos UTM is definitely a bit on the "too small" side by now, but still, we're trying to get things running for at least an extra year or so. Right now we occasionally have issues with the UTM CPU usage going up to 100%, to the point where the…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • DNS queries for any .tk domain are blocked by IPS.

    Jeff x
    I need to allow DNS lookups for a particular .tk domain. I read this old thread but " Add an Exception for wiki.tcl.tk in 'Advanced Protection >> Advanced Threat Protection " doesn't work. The DNS lookup traffic is still blocked. I'm in the same situation…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • VPN, telephony and other services no longer working

    ncor
    Hello, Following a reboot of our servers, we are no longer able to access several internal and external services (VPN, telephony, User portal) I am neither a network expert nor an advanced user of Sophos solutions, but I will gladly provide you with…
    • over 1 year ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Intrusion protection alert SERVER-OTHER TRUFFLEHUNTER TALOS-2022-1679 attack attempt

    MikR
    Hello, our Sophos UTM 9 ( latest firmware 9.713-19 ) started to block backups of certain systems that always worked before. 2023:01:16-21:05:07 fwname snort[18187]: id="2101" severity="warn" sys="SecureNet" sub="ips" name="Intrusion protection alert…
    • over 1 year ago
    • UTM Firewall
    • General Discussion
  • UTM 9 - IPS tweaking?

    Andrew English
    Are there any recommendations for tweaking IPS on a SG125w running UTM 9 (latest version)? We have a 100Mb/sec LOS connection which drops from 100Mbps to 70Mbps with IPS enabled.
    • Answered
    • over 2 years ago
    • UTM Firewall
    • General Discussion
  • IPS, the firewall, RED networks, and bypassing for MSFT IPs.

    WABGOR_DAVE
    Hello all, May be a silly question, however, in the IPS service: Do we need to include the RED networks for remote offices as well? Similarly, do they (RED networks) need to be listed in the Firewall rule for Teams and the like: Finally, besides…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • IPS stopped to work - file too short

    Daniel Huhardeaux
    Hi, yesterday (Sunday) at 3 am SNORT stopped to work with the result that internal nets couldn't reach Internet anymore. In the logs I found FATAL ERROR: Failed to load /usr/lib/snort/so_rules//file-java.so: /usr/lib/snort/so_rules//file-java.so:…
    • over 2 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • XG210 - IPS - "FILE-FLASH Adobe Flash Player mp4 size memory corruption attempt"

    DeComp
    Good evening, for some time now we have been having problems with suspicious IPS alerts. Unfortunately, we are unable to trace the cause of the alert. 2022-06-08 15:07:21IPSmessageid="07002" log_type="IDP" log_component="Signatures" log_subtype…
    • over 2 years ago
    • UTM Firewall
    • German Forum
  • IPS Alarm SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt

    Alphavil8200
    Hello everyone, I have the same IPS alert on each of 2 different SGs (9.711): SERVER-OTHER Kerberos 5 build_principal_va denial of service attempt The description of Sid 1-59640 only says "This rule detects a crafted Kerberos…
    • over 2 years ago
    • UTM Firewall
    • German Forum
  • Snort - no such file or directory

    Rune Gaarde
    Just installed Sophos UTM 9.707-5 in esxi vmware. When starting Intrusion Prevention I see in the console: /usr/bin/chroot: failed to run command '/sbin/snort' no such file or directory I have ssh'd in to the utm and checked, snort can't be found…
    • over 2 years ago
    • UTM Firewall
    • General Discussion
  • ATP Alarm C2/Generic-A Blocked DNS Requests (Forwarded from SOPHOS)

    uhrzeit
    Hi, the SOPHOS UTM Firewall of one of our Clients sporadically reports an ATP-Threat (Botnet/command-and-control traffic) that has been blocked. The "infected" Hosts are always the two Domain Controllers / DNS Servers within the network. User…
    • over 2 years ago
    • UTM Firewall
    • Management, Networking, Logging and Reporting
  • IPS listing on SUM

    Bulutistan-Network
    How can I filter the firewalls that the IPS is not active on SUM? I need to make a list for the firewalls that IPS is not ON.
    • over 3 years ago
    • UTM Firewall
    • SUM: Sophos UTM Manager App
  • Slow VPN access

    SophosUser456
    Hi all! We are using SSL VPN and facing severe performance issues all the time. When using RDP, the desktop sometimes freezes and copying files to and from the remote desktop takes very long (about 1MB/s, the connections are capable of 10MB/s (home…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • SG310 UTM - SID 20842 - Suddenly getting regular intrusion prevention alerts from various source IPs to Windows 10 hosts

    Jonathan Elliott
    First alert we had from rule SID 20842 was on 23 Nov at 17:39 GMT. Since then have had 230 alerts to around 50 different Windows 10 hosts, all this rule, 29 different IP source addresses, all source port 80, various destination ports. Looking up the…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • [SOLVED] IPS blocks all network traffic

    Tymoteusz Partyka
    Apparently there was a problem with Snort package update. Since yesterday around 18:00 I had connectivity problems from local networks behind 2 different UTMs. The logs show the following: up2date.log 2021:11:23-18:05:13 FW01 auisys[21582]: Install…
    • Answered
    • over 3 years ago
    • UTM Firewall
    • General Discussion
  • IPS against Skype for Business (on prem at customer site)

    StephanG
    Hi everyone, we are having issues with the customer's Skype for Business (still on prem) because of IPS. After a while the voice stops and our users at the office (it is working from home or data plan) cannot voip anymore. The IPS log shows the IP…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • Intrusion Prevention Alert - The packet has *not* been dropped

    Tagin
    Ok, so how specifically do I ' set the corresponding intrusion protection rule to "drop" in WebAdmin ' per the alert email below I received? There is no 'rule' identified in the alert. Am I supposed to infer that 58442 in the snort link is the rule…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS
  • SIP trunk connection - disconnect after 60 seconds - HELP

    adrian_User533
    Hello, since yesterday we have had a Vodafone SIP trunk on our PBX. Since then, outgoing calls are disconnected after exactly 60 seconds. Not all of them; it seems to me that it runs for about 30 minutes, then the disconnects start again.…
    • over 3 years ago
    • UTM Firewall
    • German Forum
  • IPS does not show in reports

    Jeff x
    I can see IPS log entries when I manually inspect the IPS log files but the IPS portion of the daily executive report has been blank for months. I used to see IPS entries in almost every daily report. Also, zero is reported for all IPS statistics on…
    • over 3 years ago
    • UTM Firewall
    • Network Protection: Firewall, NAT, QoS, & IPS