• IPS problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow"

    Charlie Dodd
    Hi All, hope you can help. I've recently been getting a lot of alerts with this, as can be seen in the image below. Searching with some of the IP addresses on GreyNoise, it shows it as commonly seen and it is nothing to worry about. I have seen that…
    • 3 days ago
    • Sophos Firewall
    • Discussions
  • Veeam Guest Interaction Proxy creates false IPS Alerts

    Peter Riederer
    Hey, after deploying our new XGS3300 with SFOS v21 we noticed several IPS Alerts which are created from a Veeam Guest Interaction Proxy to the Veeam Backup Server: Attack : FILE-OTHER Adobe Premier Pro ibfs32.dll dll-load exploit attempt Attacker: Guest…
    • Answered
    • 15 days ago
    • Sophos Firewall
    • Discussions
  • ips.log filling at high rate - normal and good for the SSD lifetime?

    LHerzog
    Today we've had a partial outage due to high /var partition usage. It was flapping between 70% and over 90% in a short time. /dev/var 179.3G 138.6G 40.7G 77% /var /dev/var 179.3G 138.8G 40.5G 77% /var /dev/var 179.3G 138.9G 40.4G 77% /var /dev/var…
    • Answered
    • 17 days ago
    • Sophos Firewall
    • Discussions
  • Malware 'Unscannable' was detected and blocked in a download from acroipm2.adobe.com

    Maroun Moussallem
    Hello, the last two days, we've been receiving an HTTP virus mail from Sophos Firewall with the following message: (Malware 'Unscannable' was detected and blocked in a download from acroipm2.adobe.com). What we had done so far, full scan launched…
    • Answered
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • FreePBX triggers Network attacks - protocol-voip

    148Points
    Hi, all of a sudden we see that our FreePBX installations triggers Network-attacks in our XGS. "Attacker" is our FreePBX, 192.168.1.22 - "Victim" is the IP of our SIP-Trunk Provider. Attack : PROTOCOL-VOIP Contact header format string attempt. This…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • intrusion attack

    Charlie Dodd
    Hi all, I'm pretty new to the Sophos firewall. I noted that on the dashboard it showed an attack and also checked the logs, which are both shown below. From this I can see that it was detected rather than blocked. Is there a way to set the IPS to block by…
    • 1 month ago
    • Sophos Firewall
    • Discussions
  • IPS alerts every 30 minutes (signature ID 2310195)

    support_einsal
    Hello everyone, Since yesterday, we have been experiencing a consistent IPS alert from our firewall (XGS Vers. SFOS 20.0.2 MR-2-Build378 ). The affected connection is between our email gateway/proxy in the DMZ and our mail server. Every 30 minutes…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Microsoft Internet Explorer PNG tRNS chuck size 1 information disclosure attempt

    Maroun Moussallem
    hello, I got this intrusion attempt for the first time. just don't know what to do. I looked for any recent downloads and browsing history, and asked the user if he plugged any device to the computer but nothing suspicious found. this is a screenshot…
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • CVE 2021-20090

    Maroun Moussallem
    Hello, Alert Message: Message: SERVER-WEBAPP Arcadyan Routers CVE-2021-20090 Path Traversal Attempt. I got this alert today, and the attacker is one of the company's computers. I read an article about this vulnerability…
    • Answered
    • 2 months ago
    • Sophos Firewall
    • Discussions
  • Request for Advice on Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing

    Michael9609
    Dear Member, I hope this message finds you well. I am currently encountering a significant amount of network traffic related to the Attack-FILE-IMAGE ImageMagick SyncExifProfile Out Of Bounds Array Indexing alert. The firewall is detecting and dropping…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Firewall default IPS policies

    DavidSain
    I found https://community.sophos.com/sophos-xg-firewall/f/discussions/110856/default-ips-policies/397166?focus=true, didn't help. Sophos pre-packages some IPS policies by default. Without having to go through each of them with a fine toothed comb, is…
    • 3 months ago
    • Sophos Firewall
    • Discussions
  • Cannot send Viber attachment on desktop version but successful on mobile version

    ArnelC
    Cannot send Viber attachment on desktop version but successful on mobile version. Just migrated from XG210 to XGS2100 with latest firmware SFOS 20.0.1 MR-1 Build 342. No problem in fresh setup on XGS2100 both desktop and mobile version on Viber. Thank…
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • IPS not applying to policies

    Elmo Heyns
    Hi All, I've spent some time on the Sophos documentation but I'm unable to get to an answer via the available online resources. I have a firewall with a few basic rules. Unrestricted internet policy - less web and app filter restrictions based on…
    • Answered
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • Block Impacket, psexec, Windows RCE

    MMASLOUH7
    Hello, I'm doing some POC to choose the best firewall that has a good NGIPS. The default IPS profile was not able to block Impacket, psexec or any other Windows RCE. How can I make the IPS policy more strict for a LAN to LAN policy?
    • 4 months ago
    • Sophos Firewall
    • Discussions
  • TCP Disconnect with IPS-Pattern updates ??

    dirkkotte
    We have some customers who use quite sensitive software. We have had repeated session drops with one customer (always at noon on Tuesdays -GMT-) The IPS patterns are said to have been updated at this time today. IPS is only active for some external connections…
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • How to setup Network attack protection

    Søren Jensen
    Hello All, I am a newbie to XG, but have been using UTM9 for some years. In UTM9, I could see a number of attacks being dropped every day. After I changed to XG (version SFVH [SFOS 20.0.0 GA-Build222]) I no longer see any attacks. I have activated…
    • Answered
    • 5 months ago
    • Sophos Firewall
    • Discussions
  • Block internet access for PowerShell

    Luis Prunn
    Hello Community, one of our customers requested whether we could block internet access for powershell in order to prevent sideloading of any malicious modules or scripts. On the SG firewall, I already tried adding an application block rule for…
    • 6 months ago
    • Sophos Firewall
    • Discussions
  • DDos sophos XG

    mohammed kassouat
    hi, can you please show me a template for DOS best practices and proof protection
    • Answered
    • 7 months ago
    • Sophos Firewall
    • Discussions
  • How to block advanced ip scanner

    William Nascimento - SGI
    How to block applications such as Advanced IP Scanner from scanning the network? My product is Sophos XGS 2300.
    • 8 months ago
    • Sophos Firewall
    • Discussions
  • Trusted MAC address CSV

    abish
    Hello Community Members, I want to enable DoS & spoof protection in my Sophos XGS2100. But, To enable it for all the hosts there will be a lot of trusted MAC addresses so adding them manually is a time-consuming process. So I came across this article…
    • Answered
    • 9 months ago
    • Sophos Firewall
    • Discussions
  • Help with this.

    Edgar Leon
    Hi Sophos community any solution for this issue. Message: SERVER-OTHER multiple products blacknurse ICMP denial of service attempt
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow

    Edgar Leon
    Need help with this issue in sophos Message: SERVER-WEBAPP SNIProxy new_address Stack Buffer Overflow
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • IPS Log Messages: Anomaly - Removed the urgent flag and pointer in TCP header / Enforces IPS protection

    philbert
    For some time, we get the following IPS Log Messages: Example 1 2024-01-16 12:12:20 IPS messageid="06001" log_type="IDP" log_component="Anomaly" log_subtype="Detect" ips_policy="" ips_policy_id="0" fw_rule_id="140" fw_rule_name="x1" fw_rule_section…
    • Answered
    • 10 months ago
    • Sophos Firewall
    • Discussions
  • Alert ID 7002

    Pradeep
    Hi team I am getting this alert frequently from the firewall. please help me to resolve this
    • 11 months ago
    • Sophos Firewall
    • Discussions
  • Intrusion prevention alert (Critical)

    Sofos network
    Hello, I have this alert today: intrusion prevention alert, but i don't know how to check or to diagnose this
    • over 1 year ago
    • Sophos Firewall
    • Discussions