  • Tivo flagged with - Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service

    Gary21
    I have noticed that my Tivo is being flagged by the IPS with "Apache HTTP Server mod_rpaf x-forwarded-for Denial of Service." There were 27 instances yesterday, with 3 noted IP address targets. Is this a false positive or something that I should be concerned…
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • How to disable IPS when using WAF?

    oxident
    Hi! Although I have selected "None" for Protection and Intrusion Protection in a specific WAF rule, I'm getting tons of intrusion attacks on that webserver. Unfortunately, they are all false positives because the webserver is a cloud file server …
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Need Help with QoS and a few General Things

    Amadyl
    Hello there, please do not blame me for my bad English, I am not a native English speaker but I will try my best. Through a blog I found the Sophos XG for Home and I bought an ITX system with dual NICs. Now I have a few problems. 1. IPS …
    • Answered
    • over 6 years ago
    • Sophos Firewall
    • Discussions
  • Saturday Installation Second Attempt

    SophosNewby
    So I have a second opportunity this coming Saturday to install the XG210 after some more work to my rules and help from the members here. Because our existing firewall had SIP disabled and h323 disabled, I performed the same on this device and changed…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • #7672711 - Low bandwidth on Sophos XG 330 - Version SFOS 16.05.5 MR-5

    Desmond Besa
    Hi Guys, I am experiencing really low bandwidth with the Sophos XG. I have tried turning off IPS, Web Filter, and Application control just to tshoot. Is there something with the OS version (SFOS 16.05.5 MR-5) that is causing this? Thanks. …
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Drop all traffic from ip's attacker

    KoenT
    Dear, We have been under attack for two days from two IPs. I tried to block the two IPs of the attackers but it doesn't seem to work. I immediately created the rule below with the two culprits, to drop and log all the traffic. The rule is the very first…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS alerts - Have I to be concerned?

    FormerMember
    Hi, since I have been using XG, I am always getting IPS alerts, and I am concerned about them, because I don't know the reason for these alerts. Are IPS alerts an alert about accessing websites with vulnerabilities or outdated software, or means an IPS alert…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • XG310 IPS Flagging Some Adobe Files but XG125 Is Not - Same firmware / pattern updates / settings

    AllanD
    We are having trouble downloading some Adobe Acrobat files from one of our vendors. The files are being flagged by the IPS system under the signature "Adobe Reader PDF Engine CVE-2017-3025 Memory Corruption Vulnerability". It only is affecting about 10…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS Actions

    qasim siddiq
    Dear All, Please, can anyone explain the IPS actions like drop, reset, disable, etc.? And can we block the detected blacklist IPs for 30 minutes, and where can I find the IPS blacklist IPs?
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Many IPS alerts

    FormerMember
    Good morning everybody! I have many IPS alerts, is that normal? And not all of the victims' IPs are in my network! I use the LAN_TO_WAN standard IPS policy!
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Intrusion Prevention Blocked Office 365 Attachments

    Matthew Trigg
    Hi, We have had our new XG310 in for about a week now, it has mostly been going ok. Just today though, outgoing attachments from Outlook all of a sudden stopped sending. (Stayed in Outbox) I found that all of a sudden, IPS was blocking traffic to…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS not blocking EICAR signature

    Dean Jones
    I have a basic firewall policy set up with the default LAN_TO_WAN IPS policy enabled. I have downloaded a few different versions of the standard EICAR test string and these appear in the firewall log under malware but they appear to make it through…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS setup

    brock eldridge
    Hello, during the setup wizard to configure ports and stuff, you get the option to set up IPS and other settings. I set IPS to Lan_Wan. Do I need to do anything else, or are the defaults working on recommended settings? Thank you, Brock
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Google Play Store blocked by IPS

    Gaustino
    Hello, I am running XG Firewall for a few months now. However, I still have a problem which I could not solve yet. When trying to update my apps on my Android phone, Google Play Store keeps trying to download the updates. After several minutes I receive…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • No Internet after starting IPS Service

    peter zaher
    Hello Supporters, I'm facing a problem while trying to work with IPS: each time I start the IPS service I lose internet connection after 1 hour (estimated), even if I didn't associate any IPS profile to any role. I tried to associate WAN to Lan on DNat…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • XG IPS rule dropping Windows 10 Upgrade assistant packets

    PGP
    Hi Guys, I'm trying to update a couple of Windows 7 Pro machines to Windows 10 using Windows 10 upgrade assistance. However, the traffic is being dropped by IPS rule LAN--> WAN. Below is what I see in logs. Time - 2017-05-09 09:53:01 Log Comp - Anomaly…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • XG Best Practice, Firewall, IPS, VPN etc.

    AnthonyChallis
    Hi All, We have a new XG + Sophos central/interceptX. I have the firewall setup with a copy of LAN-WAN IPS with all but windows clients/servers removed, SSL decrypt+scan and yellow or above heartbeat policy setup. Is this how we should go or does…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS Blocking Ebay Signin

    M8ey
    Hi all, I am new to XG so please be nice :-) Running XG230 with SFOS 16.05.2 MR-2 and IPS Signatures 3.13.35 I have this wee issue that when a user tries to login to eBay they basically time out. Getting to eBay is fine but when they add a user…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • IPS - Some signatures are false positives

    lferrara
    Hi There, after some days, I would like to share some strange things with the XG IPS module. See the screenshot: I have MAC at home so the first 2 signatures cannot be applied. First Signature CVE: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • Exclude the traffic coming from specific website from IPS check

    Atsushi Shogo
    Hello, I installed XG Firewall Home Edition last month and I'm enjoying studying it now. I have a question about the exception for IPS. Is there any way to exclude the traffic between a specific website and LAN from IPS check? I don't want to remove the…
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • SIP error due to MultiTech SIP UDP Overflow

    Tuna Sakar
    Hi, I'm new to Sophos, we decided to use SIP in our company but the Firewall rejects it. When I checked the logs I saw the errors below. Would appreciate it if you can help. Log: 2017-01-09 00:35:47 Signatures Drop - …
    • Answered
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • SFOS 16.0.1.2 can't get the IPS running... (Dead, tried the previous thread)

    ReinoutNL
    I've installed a vanilla Sophos engine and configured it to publish a bunch of services like Exchange, RDG, etc. Now I was looking at my services after I got this up and running but I see now that the IPS engine is dead.... From the community I followed…
    • over 7 years ago
    • Sophos Firewall
    • Discussions
  • List of IPS rules, their description and understand if a patch or misconfiguration is in place

    lferrara
    UTM9 used to have an HTML page like this one: https://lists.astaro.com/ASGV9-IPS-rules-2970.html not reachable anymore where filtering per rule id, we were able to find signature details, CVE and other additional information in order to help administrators…
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • IPS throughput

    gimmy Hsueh
    I bought an XG125 this year, and have a spec question. XG125 has high performance numbers as below: Throughput 5,000 Mbps, IPS 1,000 Mbps, Concurrent connections 6,200,000, New connections/sec 35,000. I read the datasheet of XG125, cannot find the testing…
    • Answered
    • over 8 years ago
    • Sophos Firewall
    • Discussions
  • Increase in traffic dropped under TCP Flood after upgrade to V16.01.2

    Ishwarsingh
    There is a sudden increase in traffic dropped under TCP Flood after upgrade to V16.01.2 (XG-135). Below screenshot for ref. Please suggest a solution for this issue. Earlier V16 & V15 didn't use to show such huge numbers under traffic dropped.
    • over 8 years ago
    • Sophos Firewall
    • Discussions