Hi, today, i've got many IPS alerts with the source IP of UTM's LAN and WAN ports. Is this normal? Regards Meghan P.S. The address No.1 in Screenshot 1 is the LAN IP of UTM and address No.2 is the WAN IP of UTM

Hi, I'm using UTM 9 in VMware and recently setup IPSec VPN to connect to our Pronto Cloud. The connection works fine until i restarted the UTM then i get this error log below. Luckily I can restore from snapshot and it works fine. Can anyone suggest…

Hi, I need help in setting up a s2s vpn to another site (not part of my company). We're using SG430 and I've setup all the config for vpn according to the other site's configuration. The policies and encryption etc. are correct based on the information…

EDITED: BLUF, Rulz #2 you will see that the UTM "services" such as Web Proxy, WAF, DNS, DHCP, etc all take precedence over the Network Firewall rules. If you need to restrict devices from using those ports and protocols, you must do 100% of that configuration…

Hi Everyone, I have installed Web server (Linux Apache) instance in AWS and provided public access to web server through HTTP with Sophos UTM 9 and it is working fine. when I configured HTTPS for same Web server (Linux Apache) and tried to access HTTPS…

Hello, We are having several customers that they host their solutions to our data center. Until now each customer had their own firewall and their own IP range. With the current configuration we used a different firewall brand for each customer. Each…

I have a few HTTPS sites successfully published through my UTM Firewall (mostly Exchange Admin Console/Outlook Web Access). I'm now trying to set up another application, using a different domain name, but the Web Application Firewall log is reporting…

I recently have setup Sophos Home UTM 9 and I currently having trouble port forwarding my CCTV System, so I can remotely access. however when I create a rule it doesn't seem to work. I have checked the firewalls live log, and the CCTV System doesn't…

Please see the attached network topology, I'm looking for opinions on the best configuration based on performance and security. I welcome any suggestions that the experts on the forum can provide to assist with this config. I would also welcome…

Here is a step by step help article on how to do a port translation in a SOPHOS UTM 9 for RDP Step 1: Log into your SOPHOS UTM 9 appliance and go to "Definitions & Users" Step 2: Click on "Network Definitions" Step 3: Click "New Network…

I have a brand new Sophos SG 115 appliance The WAN interface connects directly to my Comcast cable modem and gets a DHCP address (I do not have a static IP address from Comcast). My SG 115 uses the Internal IP of 192.168.2.1 IP settings on my…

Hello, I've recently come across a problem that in my eyes makes no sense, I have been trying to get DNAT to work with a new DMZ server. We have an additional server in the DMZ already, fully functioning. I've tried copying every single rule and configuration…

Can someone suggest why the ATP would report an infection coming from an external address ? Thanks

Okay I have a Sophos UTM 9 Firewall set up. I have built two BIND DNS servers; one internal for doing recursive queries and one for an external domain with no recursion (so it doesn't act as if it's an open resolver.) I've correctly configured DNATs…

Hi Everyone, We seem to have an issue with our sophos dropping packets without giving any logs as to why. Below is what I sent to sophos when logged the call but hoping someone here might of seen it before for a speedier resolution as they have had…

Hey there, we got plenty of VLANs/subnets for client-PCs which we'd like to wake up in the middle of the night for update issues. Unluckily after switching to our new SG450 WOL doesn't seem to work anymore which it did with our old Cisco ASAs. I read…

Hello, I would like to write a firewall rule to drop all SSLv2 traffic attempting to travel through our UTM because of the DROWN vulnerability . We have a couple of servers susceptible to the attack and it would be nice to first block the attack at…

I have published several RDP targets through my UTMs over the years, but this particular one seems to have me stumped. So, here is my layout. Internet -->Router (Subnet 1)-->UTM--(Subnet 2) Subnet 1 houses all of my General use items (WiFi TVs, Game…

Hi all, This is truly a weird one and I hope you can help me find a solution. We have 2 ASG525's running in active-passive HA. Last night I updated one to 9.353-4 but this problem was occurring on the previous version over the last week, I was hoping…

Hi, So I have kind of fixed the slow ssl/openvpn issue, but I can't seem to find a way to put the exception in. - Part 1 of the fix was to disable the UDP flood protection - get 1.5-2mbit (otherwise caps out ~0.5mbit) - Part 2 disable IPS get full…

I am trying to add rules into the custom.rules file and added the inclusion for the custom.rule file to snort.conf include $RULE_PATH/astaro.rules include $RULE_PATH/custom.rules however any modifications to chrooted files revert back upon restart of…

I'm just setting Sophos up and haven't had too much trouble that wasn't caused by some small issue, so I'm guessing this is the same. I've went through and set up the NAT Rules , but it's still not working. The domain name can be accessed outside of the…

Hey all I just finished up setting up the UTM 9 Home edition and I currently have it up and running with eth0 as the WAN and eth1 as the LAN. However, my motherboard has a total of 8 Ethernet ports (though 2 are being used for WAN and LAN out of the 8…

Hi, I'm new to the forum, but I've been reading up a bit on the Sophos UTM IPS performance issues - which I am experiencing, and looking for suggestions on how to possibly improve this problem. I have a 100mbps down/15mpbs up cable connection with 3…

I am running a setup with a bridged FioS modem giving me a single public IP, ESX host with internal/external vSwitches, and the Sophos UTM. I am currently running a wifi router through the UTM with all of my rules in place and it is working great. I would…