• Connections time out when IPS enabled (sporadically)

    Team S Net
    Team S Net
    We have noticed that connections are sometimes interrupted for a period of 5 minutes. It is then not possible to establish new connections (external / internal) via Sophos. This happens 1-2 times per day and always at a different time. I went through…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Incorrectly Identified Applications - iCloud relay

    BLS
    BLS
    Hi, How do I report application traffic that is incorrectly identified - The below is being reported as personal network storage, when it's for iCloud private relay, and should therefore (I would ahve thought) be classified under proxy services…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS updates - old issues returning

    rfcat_vk
    rfcat_vk
    Hi folks, over the last week or so I have noticed previously fixed issues with applications being incorrectly classified returning in my daily reports. Manual proxy surfing and thunder VPN. Why are these previously resolved issues appearing, does…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Zero Day Protection

    BrushTech
    BrushTech
    Is it expected for Zero Day Protection to flag chrome updating on all my machines every couple of days? Is there a way to safely add this to an exception list to prevent the hundreds of "suspicious" notifications that are being logged? I tried adding…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Version 18.5 MR4 Build 418 - Application filter "Facebook Video Playback" is not working anymore.

    Wilson James Wong
    Wilson James Wong
    BACKGROUD From FW version: Version 18.5 MR3 Build 408 - Application filter "Facebook Video Playback" is working properly. This means that in my organization Facebook is allowed to access but playing any videos within Facebook is not. ISSUE After upgrading…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • sophos xg125 firewall snort using high percentage of memory

    jack martinelli
    jack martinelli
    i turned off ips but as the screenshot shows there are 3 snort services that each one uses 10% of memory so even inmy network there is just 30 users , the memory usage is higher than 70% what should we do to lower the usage of snort services?
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS service has stopped and will not restart.

    rfcat_vk
    rfcat_vk
    Hi folks, v19.0.1 MR-1 IPS service has stopped and will not restart, the error message is the process is taking too long. There are no entries in the Logviewer -> system log indicating any issues. Next step please. Update :- after two attempts…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Best way to establish secure connection

    JOSEPH WILLA
    JOSEPH WILLA
    What is the best way to established secure connection with the remote pc without being compromise security of your own pc. How to create firewall on your pc and servers? How to secure my company mail server security? Growthtakeover How to…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IP Flood - What does it, documentation and where to configure

    TheMonzel
    TheMonzel
    Hi all, short question from my side. I just saw the row "IP Flood" under Intrusion Protection --> DoS Attacks. I was curios, why it was turned of and then saw, that there is no way to configure it. At least not in the DoS settings: Furthermore…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Hoxx VPN

    Vineeth Penugonda
    Vineeth Penugonda
    Hi guys, I am unable to block the Hoxx VPN extension on firefox. I followed the Application filter recommended settings for better application detection ( https://soph.so/WtpQzU ). The application uses port 80/443 for VPN servers. Sophos XGS is unable…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Socks5 Proxy

    Vineeth Penugonda
    Vineeth Penugonda
    Hi guys, I was testing if users could bypass the network restrictions using ShadowSocks. I created a server in Vultr and configured the Socks5 server. On the client side, I configured the Socks5 client. Added it has a proxy in Firefox. I am able to…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Malware 'Unscannable' was detected

    Fotit
    Fotit
    Hi all, I have this alert today on FW Sophos in Log Viewer \Malware ( look at picture), every ~1 min What does it mean and how to resolve this or stop it Thanks to all
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Blocking Instagram app

    Mohamed Ebied
    Mohamed Ebied
    HI, I have the XGS126 and it's running the latest firmware 19.0, was trying to block Instagram app, so need some assistance as I created the application filter contacting streaming media category and linked it to a policy, yet the app is still workin…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • zoom application restart in firewall network. works better in non-firewall network

    Sophos User6508
    Sophos User6508
    HI All Currently i am facing a issue with zoom application. This happens my xg210 firewall all of sudden rebooted to factory default condition and then restore to old backup. but after this incident my zoom application reboot automatically during…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG450 Advanced Threat Protection -> C2/Generic-A -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe - False Postive Alarm?

    EDV-Support
    EDV-Support
    Hello, we are using : Sophos XG450 (SFOS 18.5.1) During the last 2 weeks we recceived the following Security Warnings on 2 different Computers: Was ist passiert: Ein Computer hat schädliche Daten versandt. Das lässt darauf schließen, dass er mit…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG550 DoS settings

    LM HD OneIT
    LM HD OneIT
    Hello, I have run into an issue with DoS settings on our company's XG550 (running 18.5.4 MR-4 ). I wanted to enable DoS protection on it, so i setup a netflow server to send all netflow data to it so i could estimate the needed packet rates. And after…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos suddenly detecting Trusteer Rapport?

    zeban sho
    zeban sho
    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS and Flood Protection logs always empty in GUI

    Joshua Drost
    Joshua Drost
    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DoS & spoof protection (What settings do you recommend?)

    Fabio Danzetta work
    Fabio Danzetta work
    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • zero-day protection Subscription module

    Fotit
    Fotit
    Hi all, xg sophos: I want to know if registration for the module in question is necessary? in order to convince the top management of this functionality, I would like to know these advantages and especially the risks and disadvantages of not subscribing…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Application control blocking websites

    Kripasindhu Ghosh
    Kripasindhu Ghosh
    Hi, one of our customer was trying to browse "https:// apex.irclass.org :82 " but failed. I have allowed the fqdn and found nothing wrong logs in web filtering and application control logs. When i removed the application control, start getting the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" Epic Gamestore Minimal fix?

    Paul McGinnie
    Paul McGinnie
    Over the last month I have occasionally been getting a flood of IPS warnings Alert ID 7002 " Message: OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" No mention of the source, and nothing in the IPS tab of the log viewer…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logging

    Paul McGinnie
    Paul McGinnie
    How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events. Every time I have a IPS problem, I get email notifications but the IPS Log Viewer tab is empty - how can i get it to populate? Regards…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • What happened to ZENDESK in the application list

    rfcat_vk
    rfcat_vk
    Hi folks, zendesk was classified as unsanctioned on my XG due to one IoT device continually incorrectly calling a zendesk site. Tonight I tried to correct the classification so that the Sophos Home Premium support pages would work, but receive the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Alerts C2/Generic-A

    Guilherme Silva1
    Guilherme Silva1
    Dear, We are facing a very strange situation regarding the very frequent alerts we are getting for C2/Generic-A. Most of these alerts have origin addresses, from DNS servers, such as 8.8.8.8 for example, but what is intriguing is what in the details…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • View related content throughout Sophos Firewall
  • More
  • Cancel
<>