• An attempt to communicate with a botnet or command and control server has been detected.

    MJ_P1
    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection research

    William Capeless
    I am having trouble determining what is happening here. I see the source is Google DNS, the destination is my internal DNS server. The threat is clickmatters.biz. How do I track this down to find out what is going on? I checked web logs to see if anyone…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG as DDoS amplification server

    J_87586
    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    Mizan Mizan
    I need help with the following IPS log: FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt. Thanks, Mizan
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG block telegram but i don't want

    Sophos User5753
    Hi, I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection, tried to disable IPS etc. from the firewall rule, but nothing changes... I attached the last test I did. Maybe I'm losing some configuration? thank yo…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Apple iCloud IMAP blocked as it was Torrent P2P

    Sophos User218
    Found a conversation here about the same problem 6 months ago, but I can't read a solution. My firewall is reporting a lot of Torrent P2P users in my network and blocks the application. At the same time users report that they can't read mail on iPhone…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Rejecting VPNs programs

    Eduardo Noubleau
    Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting. Thanks!
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do i do now?

    Paul McGinnie
    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Auto-Block an ip that trigger IPS ?

    MattBowles
    Looking to mitigate potential attackers in an efficient way. I get a report weekly that I review, and the IPS events can be anywhere from 0-5K intrusion attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • PortScan - Port 8443/tcp was found to be open

    Andre Soares
    Hello everybody. I have an XGS 116 and out of curiosity I ran a port scan on my external IP. Port 8443/tcp was found to be open. Is this the port we use for VPN-SSL? Is it safe? Thanks
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Cannot seem to get Application Filter Firewall rule to work correctly

    AllanD
    So I attempted to get the application control working based on this article: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads/120242/sophos-xg-firewall-how-to-create-an-exception-in-application-filter but I could not get this to work…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Service Issue 2022/01/25 - (SFOS 18.0.5 MR-5-Build586)

    djdrastic
    Checking if anyone had any IPS issues today? Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this. System load got as high as 32 at a stage and had to reload box. Could barely get into the web UI…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to block all vpns

    Bob Dabuilder
    Just found out that the fire vpn chrome extension, just bypassed my expensive firewall. Looking for suggestions?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS2100 (SFOS 18.5.1 MR-1-Build326) the internet is so slow

    Karim
    Dear all, hi. I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sky Now app not working on Sophos XG

    GodAtum
    According to the logs it's being blocked 2022-01-20 20:19:34 Invalid Traffic Denied N/A 0 192.168.1.181 54.239.35.235 54058 443 …
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XFRM1 Traffic classified as Torrent Clients P2P

    CyberEagle
    The following syslog is showing application "Torrent Clients P2P" for all of our IPSec Tunnel Interface traffic. This traffic between our IPSec and internal server is not Torrent traffic. How do I reclassify this properly in the Sophos XG V18? date…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Hotspot Shield and Betternet VPN

    Vineeth Penugonda
    Hi guys, I have been trying to block hotspot shield and Betternet VPN. I have included them in the Applications Filter. I have also changed the settings according to this guide: https://community.sophos.com/sophos-xg-firewall/f/recommended-reads…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Block Android Games from Accessing Internet.

    Salman T
    I have implemented Sophos XG on an old computer. I am very happy with it so far. But I was wondering if it could address an annoying challenge that I am facing these days. I have a 5yo child who plays games on an android device, and those games are bombarded…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ATP false positive?

    Ben@Network
    Hello Community, from time to time we have some false positives on APT. If I check the URL with VirusTotal, often Sophos is the only vendor where the URL is marked as "Malicious". An example is this URL: https://coronalevel.com/Germany If I check the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logs Missing

    tom greene
    I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS. IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied. In v17.5 logs would show for IPS. What could be the problem…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • ATP block all *.idv.tw FQDN query!?

    Shunze Lee
    We found all the *.idv.tw domains were blocked by ATP with XG. I have opened a case (ID: 04765685) with Sophos, but Sophos doesn't seem to know the issue? Shunze
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos IPS still applies certain critical rules without policy assigned

    Sophos User2134
    Hello - I was told by support recently that even if I had no IPS policies assigned to my rules, some critical IPS signatures would still be applied on the backend. It's a little bit hard to believe it would do this if there were no IPS policy assigned…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS exceptions for external vulnerability scan on Sophos XG

    Marcel Jordan
    Hello everyone, I am currently trying to find the right settings on a Sophos XG in order to run a planned vulnerability scan against the external IP address of the firewall. To get correct results, the tests will…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Information Required for Apply IPS Policy for Different Rules In XG Firewall

    Emam Hossain
    Greetings Sophos Community, I am using Sophos XG Firewall 125. I have Different Inbound and Outbound Rules. On Different Zones like WIFI to WAN, LAN to WAN (I have Applied General IPS Policy) I need Suggestion Is this Policy Type suitable for my Zones…
    • over 3 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG Home throttling bandwidth

    Robert Molina
    XG Home firewall is throttling my bandwidth. I was able to get ~900MB download on a speed test from my computer through the ISP modem (connected directly). When I was connected through my home router (wired) without the XG home firewall in the network…
    • Answered
    • over 3 years ago
    • Sophos Firewall
    • Discussions