I have noticed that my Tivo is being flagged by the IPS with "Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service." There were 27 instances yesterday, with 3 noted IP address targets. Is this a false positive or something that I should be concerned…

Hi! Although I have selected "None" for Protection and Intrusion Protection in a specific WAF rule, I'm gettings tons of instrusion attacks on that webserver. Unfortunately, they are all false positives because the webserver is a cloud file server …

Hello there, please do not blame me for my bad english, i am not a native english speaker but i will try my best. Through a Blog i found the Sophos XG for Home and i bought an ITX System with dual NICs. Now i have a few problems. 1. IPS …

So I have a second opportunity this coming Saturday to install the XG210 after some more work to my rules and help from the members here. Because our existing firewall had SIP disabled and h323 disabled, I performed the same on this device and changed…

Hi Guys, I am experiencing really low bandwidth with the Sophos XG. I have tried turning of IPS, Web Filter, and Application control just to tshoot. Is there something with the OS version (SFOS 16.05.5 MR-5) that is causing this? Thanks. …

Dear, We are under attack since two days from two IP's. I try to block two IP's from the attackers but it doesn't seem to work. I created immediately the rule below with the two culprets, to drop and log all the traffic. The rule is the very first…

Hi, since I am using XG, I'am getting always IPS alerts, and I am concerned about, because I don't know the reason of these alerts. Are IPS alerts a alert about accessing websites with vulnerabilities or outdated software, or means an IPS alert…

We are having trouble downloading some Adobe Acrobat files from one of our vendors. The files are being flagged by the IPS system under the signature "Adobe Reader PDF Engine CVE-2017-3025 Memory Corruption Vulnerability". It only is affecting about 10…

Dear All, Please anyone can explain the IPS actions like drop, reset,disable, etc. and can we block the detected black list ip's for 30 minutes and where can i find the IPS black list ip's.

Good morning everybody! I have many IPS alerts, is that normal? And not all of the victims IP's are in my network! I use LAN_TO_WAN standart IPS policy!

Hi, We have had our new XG310 in for about a week now, it has mostly been going ok. Just today though, outgoing attachments from Outlook all of a sudden stopped sending. (Stayed in Outbox) I found that all of sudden, IPS was blocking traffic to…

I have a basic firewall policy set up with the default LAN_TO_WAN IPS policy enabled. I have downloaded a few different versions of the the standard EICAR test string and these appear in the firewall log under malware but they appear to make it through…

Hello During the setup wizard to configure ports and stuff. You get the option to setup IPS and other settings. I set IPS to Lan_Wan. Do I need to do anything else or is the defaults working on recommended settings? Thank you Brock

Hello, I am running XG Firewall for a few months now. However, I still have a problem which I could not solve yet. When trying to update my apps on my Android phone, Google Play Store keeps trying to download the updates. After several minutes I receive…

Hello Supporters, I'm facing a problem while trying to work with IPS, each time i start IPS service i lose internet connection after 1 hour (estimated). Even if i didn't associate any ips profile to any role. I tried to associate WAN to Lan on DNat…

Hi Guys, I'm trying to update couple of windows 7 pro machines to Windows 10 using windows 10 upgrade assistance. However the traffic being dropped by IPS rule LAN--> WAN. Below is what I see in logs. Time - 2017-05-09 09:53:01 Log Comp - Anomaly…

Hi All, We have a new XG + Sophos central/interceptX. I have the firewall setup with a copy of LAN-WAN IPS with all but windows clients/servers removed, SSL decrypt+scan and yellow or above heartbeat policy setup. Is this how we should go or does…

Hi all, I am new to XG so please be nice :-) Running XG230 with SFOS 16.05.2 MR-2 and IPS Signatures 3.13.35 I have this wee issue that when a user tries to login to eBay they basically time out. Getting to eBay is fine but when they add a user…

Hi There, after some days, I would like to share some strange things with XG IPS module. See the screenshot: I have MAC at home so the first 2 signature cannot be applied. First Signature CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name…

Hello, I installed XG Firewall Home Edition last month and I'm enjoy studying it now. I have a question about the exception for IPS. Is there any way to exclude the traffic between a specific website and LAN from IPS check? I don't want to remove the…

Hi, I'm new in Sophos, we decided to use SIP in our company but the Firewall rejects it. When I checked the logs I saw below errors. Would appreaciate if you can help. Log: 2017-01-09 00:35:47 Signatures Drop - …

i've installed a vanilla Sophos engine and configured it to publish a bunch of services like exchange, RDG, etc. Now i was looking at my services after i got this up and running but i see now that the IPS engine is dead.... From the community i followed…

UTM9 used to have a html page like this one: https://lists.astaro.com/ASGV9-IPS-rules-2970.html not reachable anymore where filtering per rule id, we were able to find signature details, CVE and other additional information in order to help administrators…

I bought a XG125 this year , and have a spec question. XG125 has high performance numbers as below : Throughput 5,000 Mbps IPS 1,000 Mbps Concurrent connections 6,200,000 New connections/sec 35,000 I read the datasheet of XG125 , cannot find the testing…

There is a sudden increase in traffic dropped under TCP Flood after upgrade to V16.01.2 (XG-135). Below screenshot for ref. Please suggest a solution for this issue. Earlier V16 & V15 didn't used to show such huge numbers under traffic dropped.