I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…

I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…

Having received a warning from Sophos regarding For CVE-2022-22963 we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …

I need help with the following ips log FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt Thanks Mizan

Hi, i don't understand why sophos xg mark telegram as DDOS attack.. i have disabled DDOS protection tryied to disable IPS etc from Firewall rule but nothing change... i attached last test i did maybe i'm loosing some configuration? thank yo…

Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…

Looking to mitigate potential attackers in an efficient way. I got a report weekly that i review and the IPS events can be anywhere from 0-5K intrusions attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…

Checking if anyone had any IPS issues today ? Box at one of my sites picked up an IPS and Application Pattern update in the afternoon and did this . System load got as high as 32 at a stage and had to reload box . Could barely get into the web ui…

Dear All Hi I am new to using this firewall and it was installed about a month ago on the network, but since it was installed, the speed of the Internet in the network is very slow, and the ping time exceeds 1000, and I do not have a roll to disable…

I just upgraded from 17.5 to 18.5 MR 1 but in log viewer it doesn't show any logs for IPS. IPS system service is on. Also, in firewall rules IPS default policies LAN to WAN are applied. In v17.5 logs would show for IPS. What could be the problem…

Hello - I was told by support recently that even if I had no IPS policies assigned to my rules that some critical IPS signatures would still be applied on the backend. Its a little bit hard to believe it would do this if there were no IPS policy assigned…

Hallo zusammen, ich bin gerade auf der Suche die richtigen Einstellungen an einer Sophos XG zu finden um einen geplanten Schwachstellenscan auf die externen IP Adresse der Firewall durchzuführen. Im richtige Ergebnisse zu bekommen, werden die Tests…

Greetings Sophos Community, I am using Sophos XG Firewall 125. I have Different Inbound and Outbound Rules. On Different Zones like WIFI to WAN, LAN to WAN (I have Applied General IPS Policy) I need Suggestion Is this Policy Type suitable for my Zones…

I thought it was weird that Sophos was rating the Log4j vulnerability as the lowest severity, when everyone else in the world considers it a high risk. But it appears that Sophos has just always got their documentation wrong. Looking at all the IPS…

does anybody know what the cause of this alert ? also i want to stop it from it source ?

We are currently deploying an XGS116 running FW SFOS 18.5.1 MR-1-Build326 . We noticed that the IPS feature is causing a severe delay of 3-5 seconds when opening websites. Interestingly enough this delay is also happening when NO IPS policy is applied…

Hi there, I'm trying to add a custom IPS Pattern which does not work as described here: Add a custom IPS signature (sophos.com) The online documentation does not says anything about >> ; <<. Can somone share a working custom IPS pattern example…

Dear Comminity, I've a customer with an HA pair of XG135 with SFOS 18.0.5 MR-5-Build586. They are facing random reboot of the appliance that force a change HA status. During this reboot they 5/10 minutes of disconnectoin. I've open a sophos case…

Hi, I have a sophos xg 210. It was working fine but it recently started to behave strange. The antivirus and IPS engine service is stops, when I restart it stops again and keep doing that. I have just update firmware from SFOS 18.0.5 MR-5-Build586 to…