• Unable to block Hotspot Shield and Betternet VPN

    Vineeth Penugonda
    Hi guys, I have been trying to block the hotspot shield and Betternet VPN. I have included them in the Applications Filter. I created a support ticket with Sophos and we were able to block the said applications by decrypting HTTPS using web proxy…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Deny logs as IP Spoof after New interface creation

    Can carmack
    Hi friends, Some kind of error logs appeared after this integration detailed below. We have added AP as a new interface like below; AP is on 192.168.11.1, all features disabled. WAN connection is on PORT#4
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Synology NAS loses connection after IPS is enabled in LAN to WAN Rule ?

    Nabil R1
    Hi, I'm struggling to understand an issue I'm facing. It seems like my NAS is losing a few functionalities once I activate IPS (lantowan_general) in my LAN to WAN rule. I see some IPs being blocked, unable to perform cloud sync, etc., but it's not clear…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Can we talk about STUN traffic?

    Wayne Folta
    I'm noticing that when I do reports or look at live connections, I see a lot of STUN traffic. And it's a LOT of traffic, which is puzzling in that I thought STUN was merely a tool to figure out how to get a direct connection when that would otherwise…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XGS High CPU Usage - Snort

    MichaelBolton
    I have a cluster of XGS2300 firewalls that do not seem to offload traffic via "fastpath" as they should. Sometimes it works great, but other times it seems like it doesn't offload anything. CPU utilization sits around 40-50%. Currently the firewall…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • SOPHOS XGS Application Control blocking nordVPN

    SETdevIT
    Hi, is there any option to block nordVPN? I wasn't able to find any option in the Application Control. For most shady VPN providers, blocking options are available. We highly need to block any kind of shady VPNs, especially nordVPN! We are…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • XG stops routing

    Tom Sparrow
    I've got a ticket open for this, but have no idea how much effort is being put into it. Any extra help gratefully received or our office is going to be offline for most of the weekend. Our XG135 suddenly stopped passing almost all traffic the other…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • google play application control Sophos XG firewall

    George hanna
    need to block google play app via application control in Sophos XG firewall as i couldn't find it in the application filter
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Remote VPN only to Domain Computers

    Evandro Salvador
    Is there a way to prevent home users from using the VPN Client on their own devices? We would like to allow only Domain Computers or generate a certificate to restrict users' devices. Unfortunately, I don't have Sophos Central InterceptX to use Heartbeat status…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • An attempt to communicate with a botnet or command and control server has been detected.

    Chris Anthony1
    Hi Everyone! Can anyone help me? I received several reports from XG Firewall that an attempt to communicate with a botnet or command and control server has been detected. The source IP is Google's DNS (8.8.8.8 and 8.8.4.4) and my DNS (203.167.97…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Enabling IPS for internal users?

    MarkThornton
    How do I enable IPS for the data coming in as a response to client request? If I add iPS to the outbound Traffic to WAN rule will it also apply to the inbound results? I can't see where I can add it to the Traffic to WAN NAT rule.
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • most of LAN<->Server communication detected as "Torrent Clients P2P"

    LHerzog
    We've replaced a SG by XGS 18.5 MR3 and there is now massive false positive detection of Torrent Client P2P traffic by application filter. Most firewall rules for internal traffic have the default Application filter applied: "Block high risk (Risk Level…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • DDOS protection explained

    Regex
    Can anyone explain what Sophos meant when designing this menu? My experience comes from FortiGate, where most of the options are logically ordered and described, but here I'm out of any How should I interpret it? PIC 1 seems logical; Pic 2 SOPH…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • IPS Alerts which I cannot get rid of

    EdmundSackbauer
    I am getting alerts like this per mail: Alert for SFVH (SFOS 18.5.3 MR-3-Build408) Cxxxxxxxxxxxxxxxxx Device Information: Hostname: gate Management Interface IP: 10.0.0.254 Date/Time: 2022-04-10 16…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Understanding IPS Alerts

    Melissa Ferguson
    I have been receiving 2 IPS alerts regularly. The XG appears to drop the packet, but I am trying to understand the alert and make sure that I don't start disregarding alerts that need attention. The one happens several times a day. SCAN Zgrab Scanning…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • How to View IPS Rule IDs included in Default IPS Rules?

    ptho
    Having received a warning from Sophos regarding CVE-2022-22963, we were advised to check that the IPS rule 2306989 is added to our policy. Some of our rules use custom IPS policies, whereas others use the default ones, i.e. "LAN TO WAN" etc. …
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • An attempt to communicate with a botnet or command and control server has been detected.

    MJ_P1
    I found some malware on a client PC not long ago, which we discussed at length in this thread: https://community.sophos.com/intercept-x-endpoint/f/discussions/132693/mal-polazert-a-removal/491955#491955 . Intercept X is deployed throughout the network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Advanced Threat Protection research

    William Capeless
    I am having trouble determining what is happening here. I see the source is google dns, the destination is my internal dns server. the threat is clickmatters.biz. How do I track this down to find out what is going on. I checked web logs to see if anyone…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG as DDoS amplification server

    J_87586
    Hello, After reading the following article at Arstechnica ( https://arstechnica.com/information-technology/2022/03/unending-data-floods-and-complete-resource-exhaustion-ddoses-get-meaner/?comments=1&start=0), and then the University of Maryland page…
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • OFFICE Microsoft MSHTML ActiveX control bypass attempt

    Mizan Mizan
    I need help with the following ips log FILE-OFFICE Microsoft MSHTML ActiveX control bypass attempt Thanks Mizan
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Sophos XG block telegram but i don't want

    Sophos User5753
    Hi, I don't understand why Sophos XG marks Telegram as a DDoS attack. I have disabled DDoS protection and tried to disable IPS etc. from the firewall rule, but nothing changes... I attached the last test I did; maybe I'm losing some configuration? thank yo…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Apple iCloud IMAP blocked as it was Torrent P2P

    Sophos User218
    Found a conversation here about the same problem 6 months ago, but I can't read a solution. My firewall is reporting a lot of Torrent P2P users in my network and blocks the application. At the same time users report that they can't read mail on iPhone…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Rejecting VPNs programs

    Eduardo Noubleau
    Hello, noticed that VPN programs bypass Sophos blocks. I would like to know if there is any common denominator among all VPN programs, so that I can create a firewall rule preventing all these VPN programs from connecting. Thanks!
    • Answered
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • FILE-MULTIMEDIA Apple iTunes Playlist Overflow Attempt - What do i do now?

    Paul McGinnie
    Hi - I am getting a flood of: =========================================================== Alert for SFVH (SFOS 18.0.6 MR-6-Build655) XXXXXXXXXXXXX Device Information: Hostname: sophos.mylocal.network…
    • over 2 years ago
    • Sophos Firewall
    • Discussions
  • Auto-Block an ip that trigger IPS ?

    MattBowles
    Looking to mitigate potential attackers in an efficient way. I got a report weekly that i review and the IPS events can be anywhere from 0-5K intrusions attacks logged. Most of this is port scanning and I want to stop it. I'm assuming the answer is…
    • over 2 years ago
    • Sophos Firewall
    • Discussions