Greetings Sophos Community, I am using Sophos XG Firewall 125. I have Different Inbound and Outbound Rules. On Different Zones like WIFI to WAN, LAN to WAN (I have Applied General IPS Policy) I need Suggestion Is this Policy Type suitable for my Zones…

XG Home firewall is throttling my bandwidth. I was able to get ~900MB download on a speed test from my computer through the ISP modem (connected directly). When I was connected through my home router (wired) without the XG home firewall in the network…

I thought it was weird that Sophos was rating the Log4j vulnerability as the lowest severity, when everyone else in the world considers it a high risk. But it appears that Sophos has just always got their documentation wrong. Looking at all the IPS…

Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. Its a little bit hard to believe it would do this if there were no IPS policy assigned…

does anybody know what the cause of this alert ? also i want to stop it from it source ?

I want to disable IPS service as i am not using it , so i manually stopping it every time i reboot Sophos XG . so how can i disable it from startup after reboot Thanks

We are currently deploying an XGS116 running FW SFOS 18.5.1 MR-1-Build326 . We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied…

Hi there, I'm trying to add a custom IPS Pattern which does not work as described here: Add a custom IPS signature (sophos.com) The online documentation does not says anything about >> ; <<. Can somone share a working custom IPS pattern example…

I have gone through the steps in the documentation for configuring WAF and the rule's traffic count increases accordingly when the web server is accessed. However, I can't seem to be able to verify that it is actually being protected. Almost all protection…

Dear Comminity, I've a customer with an HA pair of XG135 with SFOS 18.0.5 MR-5-Build586. They are facing random reboot of the appliance that force a change HA status. During this reboot they 5/10 minutes of disconnectoin. I've open a sophos case…

Hi, I have a sophos xg 210. It was working fine but it recently started to behave strange. The antivirus and IPS engine service is stops, when I restart it stops again and keep doing that. I have just update firmware from SFOS 18.0.5 MR-5-Build586 to…

Is there a service in Sophos XG that automatically blocks the ip of the client that is trying to brute force access a web server? That is, if there is, what can be an effective way to prevent brute force attacks on, for example, an apache server that…

Hi community, we found many of the following entries in the /log/ips.log without facing any service interruptions or performance issues. XG450_WP02_SFOS 18.0.5 MR-5-Build586# tail /log/ips.log [Sep 03 08:49:53 :25629]:Error reading session data,status…

I logged into the web console and noticed the IPS Service was red in the Control Center. I attempted to restart from the web interface but I received a "failed to start" message each time I tried. I also tried rebooting and went to manually update patterns…

Keep receiving Sophos Critical Notification Alerts emails for Intrusion Prevention Alerts We use OpenDNS DNS Host Servers as our primary dns and secondary dns. All these alerts are all outbound traffic from desktop computers to OpenDNS DNS Host Servers…

System Sophos home license on an XG 125. Running latest firmware. Issue This is kind of interesting. I recently upgraded to gigabit internet. When the LAN to WAN firewall rule is enabled with nothing other than logging, my downloads are around 925Mbps…

Since installing multiple XG Firewalls in a multi-site environment, we have been plagued with "random" outages that last between 30-90 seconds. I have finally correlated this with Pattern updates for either ATP, AV or IPS. During the time of the definition…

I recently came across an internal port scanner that was scanning ports on our Sophos XG firewall. Somehow this scanner got on a server. I was able to find this when I got an alert that there was a failed SSH authentication. There was not an actual authentication…

Hello there, I need help with something. When I send/receive mail in Outlook, an error message returns, and then on my firewall device, the mail server IP that I receive external service from appears as Intrusion attacks. What is the problem and how can…

In the Firewall and SSL/TLS Inspection logs I can see positive and negative results.But I see nothing at all in the ATP, IPS, App Filter, Malware, and Zero-Day logs. Would they only show negative events -- i.e. malware in a download -- or should this…

Hello everyone, I have a firewall running SFOS 18.0.5 MR-5-Build586. I am receiving email alerts when IPS detects something. Problem is, I am missing some info there. At least the source attack ip and the action that was taken. I have looked through…

Assume, that I got the following email: This almost says nothing. The hostname above is the host name of the XG, not the source or the destination of the attack. Information, that I really must have: - Source IP of attacker - Destination IP - Some…

Hi Folks, today the XG has decided that some of the DHCP requests are DDOS attacks and my security cameras are generating DDOS attacks. The cameras connect then immediately drop out. These cameras have been working for months. I end up with a IPS…

Hi folks, I rebuilt my XG on the 22nd of April and most firmware that I expect to update has except IPS and Application. Please advise when IPS and Application will be updated? Ian

Hi, Suddenly I am not able to access Internet because of below on my sophos xg FW. The source IP is sophos Interface to ISP. This suddenly happened a few hours ago. What do I need to do?