• Sophos suddenly detecting Trusteer Rapport?

    zeban sho
    Noticed ransomware alert from a PC with C:\Windows\System32\msiexec.exe but drilling down I can see it's Trusteer Rapport. I have about a dozen machines with this software though and none of the others are alerting. I'm 99% sure it's a false positive…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS and Flood Protection logs always empty in GUI

    Joshua Drost
    Is there a setting I'm missing? Every one of our several hundred firewalls always shows empty IPS logs ("No record found"), even when the firewall shows that it has been dropping packets due to flood protection. See the screenshots below.
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DoS & spoof protection (What settings do you recommend?)

    Fabio Danzetta work
    Hello everybody, on our firewall XG XG310 (SFOS 18.5.4 MR-4-Build418) I have enabled IPS and I also wanted to enable the various DoS & spoof protection functions. Not being an expert on the subject, I enabled everything by ticking the various "apply…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • zero-day protection Subscription module

    Fotit
    Hi all, xg sophos: I want to know if registration for the module in question is necessary? in order to convince the top management of this functionality, I would like to know these advantages and especially the risks and disadvantages of not subscribing…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Application control blocking websites

    Kripasindhu Ghosh
    Hi, one of our customers was trying to browse "https:// apex.irclass.org :82 " but failed. I have allowed the fqdn and found nothing wrong logs in web filtering and application control logs. When I removed the application control, start getting the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Problem "OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" Epic Gamestore Minimal fix?

    Paul McGinnie
    Over the last month I have occasionally been getting a flood of IPS warnings Alert ID 7002 " Message: OS-LINUX Linux Kernel Netfilter iptables-restore Stack-based Buffer Overflow" No mention of the source, and nothing in the IPS tab of the log viewer…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Logging

    Paul McGinnie
    How does one enable logging (so one can see it in the Log Viewer in the management web interface) of IPS events. Every time I have an IPS problem, I get email notifications but the IPS Log Viewer tab is empty - how can I get it to populate? Regards…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • What happened to ZENDESK in the application list

    rfcat_vk
    Hi folks, zendesk was classified as unsanctioned on my XG due to one IoT device continually incorrectly calling a zendesk site. Tonight I tried to correct the classification so that the Sophos Home Premium support pages would work, but receive the…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Alerts C2/Generic-A

    Guilherme Silva1
    Dear, We are facing a very strange situation regarding the very frequent alerts we are getting for C2/Generic-A. Most of these alerts have origin addresses, from DNS servers, such as 8.8.8.8 for example, but what is intriguing is what in the details…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Unable to block Hotspot Shield and Betternet VPN

    Vineeth Penugonda
    Hi guys, I have been trying to block the hotspot shield and Betternet VPN. I have included them in the Applications Filter. I created a support ticket with Sophos and we were able to block the said applications by decrypting HTTPS using web proxy…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Deny logs as IP Spoof after New interface creation

    Can carmack
    Hi friends, Some kind of error logs appeared after this integration detailed below. We have added AP as a new interface like below; AP is on 192.168.11.1, all features disabled. WAN connection is on PORT#4
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule ?

    Nabil R1
    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IP being blocked, unable to perform cloud sync, etc.. but it's not clear…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Can we talk about STUN traffic?

    Wayne Folta
    I'm noticing that when I do reports or look at live connections, I see a lot of STUN traffic. And it's a LOT of traffic, which is puzzling in that I thought STUN was merely a tool to figure out how to get a direct connection when that would otherwise…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS High CPU Usage - Snort

    MichaelBolton
    I have a cluster of XGS2300 firewalls that do not seem to offload traffic via "fastpath" as they should. Sometimes it works great, but other times it seems like it doesn't offload anything. CPU utilization sits around 40-50%. Currently the firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SOPHOS XGS Application Control blocking nordVPN

    SETdevIT
    Hi, is there any Option to block nordVPN, wasn't able to find any option in the Application Control. For the most shady VPN Provider are blocking options available. We highly need to block any kind of shady VPNs, especially nordVPN! We are…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG stops routing

    Tom Sparrow
    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • google play application control Sophos XG firewall

    George hanna
    need to block google play app via application control in Sophos XG firewall as I couldn't find it in the application filter
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Remote VPN only to Domain Computers

    Evandro Salvador
    Is there a way to prevent home users to use VPN Client on their own devices? We would like to allow only Domain Computers or generate a certificate to restrict user's devices. Unfortunately, I don't have Sophos Central InterceptX to use Heartbeat status…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • An attempt to communicate with a botnet or command and control server has been detected.

    Chris Anthony1
    Hi Everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Enabling IPS for internal users?

    MarkThornton
    How do I enable IPS for the data coming in as a response to client request? If I add IPS to the outbound Traffic to WAN rule will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • most of LAN<->Server communication detected as "Torrent Clients P2P"

    LHerzog
    We've replaced a SG by XGS 18.5 MR3 and there is now massive false positive detection of Torrent Client P2P traffic by application filter. Most firewall rules for internal traffic have the default Application filter applied: "Block high risk (Risk Level…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DDOS protection explained

    Regex
    Can anyone explain what Sophos meant when designing this menu? My experience comes from fortigate where most of options are logically ordered and described, but here I'm out of any How should I interpret it? PIC 1 seems logical; Pic 2 SOPH…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Alerts which I cannot get rid of

    EdmundSackbauer
    I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Understanding IPS Alerts

    Melissa Ferguson
    I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to View IPS Rule IDs included in Default IPS Rules?

    ptho
    Having received a warning from Sophos regarding For CVE-2022-22963 we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions