Dear Member I hope this message finds you well. I am currently encountering a significant amount of network traffic related to the Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing alert. the firewall ais detecting and dropping…

Hello: Yesterday I started seeing these IP_SPOOF violations from our remote site that is on the allowed list in the DNAT firewall rule. They are unable to connect or ping our DNAT devices setup behind the firewall. We can connect to them with out…

I found https://community.sophos.com/sophos-xg-firewall/f/discussions/110856/default-ips-policies/397166?focus=true, didn't help. Sophos pre-packages some IPS policies by default. Without having to go through each of them with a fine toothed comb, is…

Hey Folks, we rolled out a XGS126 in our Branch yesterday (before SG125) and we cannot get Veeam to work backing up our Branch VMs. The Branch is connected via IPSEC VPN Tunnel to our Datacenter (Sophos SG310). I already found the older thread Veeam…

Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342. No problem in fresh setup on XGS2100 both desktop and mobile version on Viber. Thank…

Hello, there's a way to block "WPS Office" from download? many thanks best regards

Hi All Ive spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…

Hello All, I have added the "Block high risk (Risk level 4 and 5) apps" to the " Identify and control applications (App control)" part of Lan-To-Wan Firewall rule. With this in the La-To-Wan firewall rule, I can not connect to a remote computer, using…

Hello, Im doing some POC to chose the best firewall that have a good NGIPS. The default IPS profile was not able to block Impacket, psexec or any other Windows RCE. How can i made the IPS policy more strict for a LAN to LAN policy.

Hello Team, I hope this message finds you well. I am writing to seek your assistance regarding a configuration issue I am facing with our sophos xgs firewall setup. We have recently configured traffic flow and firewall rules for inbound and outbound…

What is the best way to block users from using any version of Team viewer and Any desk and what ports have you used if we need to block ports? How to do that on Sophos?

We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-) The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…

Hello All, I am a newbee to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I do no longer see any attacks. I have activated…

Hello, Do you have any recommendations for classifying financial services/banks and bank websites in the Application object? I need to use SDWAN for this type of service, but generally access to these sites are classified as "Secure Socket Layer…

Hello Community, one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts. On the SG firewall, I already tried adding an application block rule for…

Hello team, We would like to know which Category unblocks the Buil-in copilot that is coming with Microsoft Edge. Is there an exception be made specific to co-pilot alone?

I noticed in The Logs from our Router that there is 1.25GB Upload on STUN and about 850MB Download STUN. Could someone please tell me what that could, I say could be ? Could it be video chatting over WhatsAPP OR FACETIME ?.

hi, can you please show me a template for DOS best practices and proof protection

Hello Community, Is there a way to create a "bypass" for Application Control in Sophos Firewall that is applied to a client IP address? In the old UTM 9 interface, I used to be able to assign hosts to bypass lists, which would bypass all Application…

Sophos v20 GA I have never noticed this IP Flood protection before. It is not applied, but I cannot see it's activation anywhere in the GUI. All I see activatable is SYN, UDP, TCP and ICMP, Dropped source routed packets, Disable ICMP/ICMPv6 redirect…

Hi Sophos, A user at our org was sent a link to access a document online. This document was hosted by autoexel[.]info which doesn't flag up as malicious using any of the tools available to us, but the Sophos Firewall determines is a TOR Proxy, and…

How to block applications such as advanced ip scanner from scanning the network? my product is sophos xgs 2300

Ok unless I am missing something, you: Create an Application Filter, set it to Block. But in the GUI overview it shows default action is Allow. You have to edit the policy to see it's set to block. Poor design and visually confusing. Create a Firewall…

I have two FQDN hosts : Instagram (*.instagram.com) and Facebook (*.facebook.com). These two FQDN hosts are added in an FQDN host group named Social Media. A rule in "Traffic to WAN" is configured for LAN to WAN that rejects this specific FQDN Host…

Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But, To enable it for all the hosts there will be a lot of trusted MAC addresses so adding them manually is a time-consuming process. So I came across this article…