• Web Exploit Protection

    Mark Sludgebuster
    Does exploit protection work out of the box? Now I find ‘Detect and prevent exploits (IPS)’, lantoWan-general policy, which I’ve enabled. Is that the full extent of it, and a feature that works under the hood? Is there any solid information in XG, and…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Changing ATP Settings: "The operation will take time to complete. The status can be viewed from the "Log viewer" page"

    LHerzog
    Whenever I click Apply in ATP, I can see the spinning circle and after some time the message "The operation will take time to complete. The status can be viewed from the "Log viewer" page". It does not matter if I change something, add hosts or whatever…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Branch site not connecting to SharePoint and OneDrive

    Anesu Dangarembwa
    Good day. I have a Sophos firewall XG 310 V 19.01. The firewall is at the HQ, and there are MPLS sites connecting to the head office. We are using Microsoft 365. The problem is, we are failing to open SharePoint and OneDrive from the MPLS sites. But…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Identify and control applications (App control)

    AstaroNBack
    I'm having an issue with the Sophos Application Control in regards to TikTok. Yesterday I read several Sophos articles regarding this and it seems like I am beating a dead horse. At first, I hoped that an application filter would block. Apparently this…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS rule LAN-LAN

    Luc_GLLM
    Hi everyone, I have two firewalls connected by a dark fiber on an SFP port; the two main LAN networks are 192.168.1.0/24 (FW1) and 192.168.0.0/24 (FW2). In both firewalls there is a rule to allow all traffic between the two subnets, so the source and destination…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Built-in IPS policies: Differences?

    Quallensaft
    Because the online help is pretty useless regarding this question: What is the difference between the policies on top and the last ones (in small letters)? Which are better? Why double built-in?
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • IPS policy for site-to-site VPN

    Andre Soares
    What IPS policy should I use in the LAN to LAN rule? (VPN site to site) Thanks
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Office 2013 recovery blocked

    StefanoColombo
    We have a problem with the online recovery of 2013. I tracked the problem down to the Application filter. We have an application filter applied to the firewall rule that allows several types of applications, including Microsoft Office and click2run…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Zero-day protection prevents completion of a download

    Quallensaft
    - user is downloading an (executable) file (iCloud drive online) - download is starting in Edge -> download failed -> try again - download is starting in Edge -> download failed again - now a "sdpending.htm" is downloading (no it is not open in Browser…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Application list cross check?

    Quallensaft
    How do I check a URL against an application list? Not possible to test like a web category? e.g. https://f.c2r.ts.cdn.office.net/pr/b8f9b850-328d-4355-9145-c59439a0c4cf/Office/Data/16.0.16130.20644/stream.x86.de-de.dat I know it's Office Updates but…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • ATP Event XGS

    admin_idl
    Hello, we have the message "an attempt to communicate with a botnet or command and control server has been detected sophos xgs". This message occurred simultaneously on 2 firewalls at 2 different locations. What further measures are recommended here…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sandstorm and Zero-Day Protection - Manual File Uploads and Support (XG Firewall)

    Nathan_Admin
    Hello everyone, We asked this question to a Sophos rep, and we did not get a straight answer, so I figured that I would ask it here. On the UTM-9 firewalls, we had a Sandstorm license which allowed us to upload files manually. Now that we are moving to…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Attack brute force SMTP

    Bruno H Silva
    Dear friends! We have identified some brute force attack attempts on our email server. We carry out some IPS blocks and also for some countries; however, some attacks come from countries that we have a relationship with, so they cannot be blocked by the…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall blocking root DNS servers as Psiphon Proxy when using Unbound w/ AdGuard Home DNS

    alan weir
    When my at-home DNS server, which is running Unbound with AdGuard Home DNS, contacts the root DNS servers, the root servers are detected as Psiphon proxy by the firewall. I do not have any Psiphon proxy app on any of my devices. Is this a false…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Clearing Zero-Day Protection log

    BruceGiles
    Running SFOS 19.5.2 MR-2 on an XG310. In the Zero-day protection section of the Control Center, it shows 0 Recent, 274 Incidents, 330 Scanned. When I click on that, it goes to the Zero-day protection logs, and I get two pages containing a total of 38…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • ZERO DAY ALERT

    Anonymous123
    There are a number of zero day security alerts on my Sophos firewall tab coming from Chrome Installer. Any help would be appreciated! - The machine learning analysis and sandbox analysis shows no signs of bad intention and the overall file hash shows…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Allowed whatsapp only

    Haja Shamsudheen
    I'm using Sophos XG210 (SFOS 18.5.4 MR-4-Build418). How to create a policy for a client using only WhatsApp?
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Attempt to communicate with a botnet is detected - My threat hunting thus far

    Hey Help Desk Guy
    Hi everyone, So like a lot of others here I've experienced where we get the notification that an attempt to communicate with a botnet or command and control server has been detected. And it's always these same three sites: As you can see…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Application Control change request via support case

    LHerzog
    Hi, some users of us are using a business website that has an Application (not Web) categorization as Vulnerabilities (besides others) for some years now. It's just when you even call the start page, that the firewall blocks request. That causes me…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Block Port Scanning and Public IP

    Don Osi
    Hello, I have a Sophos XG. Can you share a way to block a public IP from scanning for open ports, and also how can you blacklist an IP address?
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Rules to allow access remotely with ANYDESK (lan to wan)

    Fotit
    Hi all, I need to allow AnyDesk for some administrators (LAN to WAN). I made this config below but it doesn't work! Where's the problem? Source zones=LAN Source networks and devices=any During scheduled time=all the time Destination zones…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Sophos Firewall App control without Endpoint Agent?

    Wolfgang Jacques
    We have a customer who uses Sophos Firewall (SFOS 19.5) but has a third party antivirus tool. So no Endpoint Agent and no Intercept X is installed on the client PCs. Does it make sense at all to use App control in the Firewall Rules in this scenario…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Blocking Tiktok

    UJay
    Hi, I am using XG-115 FW. What is the easiest way to block TikTok? Read a number of articles published in the community and noticed that different people are talking about different methods. I am confused. Hence looking for a simple answer with simple instructions…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Veeam B&R 12 issue

    twister5800
    Hi all, Upgraded customers to Veeam Backup and Replication to version 12, and started seeing these on the backup copy jobs, for the remote repositories: 03-04-2023 14:29:31 :: Processing Error: An unknown error occurred while processing the certificate…
    • over 1 year ago
    • Sophos Firewall
    • Discussions
  • Application filter keeps getting overwritten

    FAAC Inc
    Hello. After importing some firewall rules from another XGS3300 running 19.5.0 over the weekend, each morning I'm coming in to find that we can't access the internet. When I check the application filter for "Block high risk (Risk Level 4 and 5) apps"…
    • Answered
    • over 1 year ago
    • Sophos Firewall
    • Discussions