In our OT network, we're considering adding a Level 2.5 DMZ to bolster security. This would serve as an additional layer of protection between the control systems (Level 2) and the enterprise network (Level 4). Specific Design: Level 2.5 DMZ: Host…

Hello Community, we use a Sophos UTM cluster consisting of two nodes running on Sophos UTM 9.718-5 This Cluster routes the traffic through specific vlans. We have strange behavior with windows server vms that are operated in vlans behind the sophos…

Hi everyone, this is not a technical issue but a desparate call for advise. Our Sophos UTM-firewall (firmware version: 9.816-2) is suffering from a (D)DOS-attack that is going on for several days now. Since our internet-connection only comprises of…

I have two internet connections from two different ISPs. Let one be called X and the other be called Y. X and Y are separately connected to a firewall. I use X actively. I want Y to be active when X loses internet connection. Then, when X internet connection…

Does the order of Sophos UTM "Network Protection" firewall rules matter at all?!?!?! On my sophos utm, the "Network Protection" firewall rules are as follows (summarizing) Top Rule = deny PrivateIP#1... any protocol... to any external ip (block…

Hello Sophos Community, I noticed a strange phenomenon when I wanted to set up a guest network. Since this network has no access to other networks and should be able to browse the internet freely, I created a firewall rule as follows: Guest network -…

Hello, I have multiple messages in Advanced Tread Protection. 2023:06:22-03:43:37 xxx ulogd[13536]: id="2022" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped (ATP)" action="drop" fwrule="63001" initf="eth0" threatname="C2/Generic…

For all searching for this Problem with Teams not showing the calender app using hybrid szenario. Refering to this basic guide: Sophos UTM: Create WAF to allow traffic through Exchange 2016 using the MS Connection Tool: https://testconnectivity…

What is the best way to block all traffic to .zip TLD via UTM9? Normally I would use web filter profile with regex, but that isn't working. I've already blocked via intune where applicable, but that doesn't cover all devices.

Hi, I am having issue with my dyndns.org:8081 to brows from inside of network. I have an Oracle Server and this server i can access from outside of network through dyndns.org:8081 but when i am in local Lan…

Looking for suggestions on how to find the cause of tcp communication failures. I have some systems running "behind" a DomU SG UTM Firmware version: 9.714-4 on a XCP-ng 7.6 hypervisor with an AMD Opteron 6220 CPU. Everything works fine. Specifically…

YouTube and Facebook access block specify users with static IP address

So this is basic I'm setting up a firewall rule to allow specific VPN traffic Here's the specific service definition Attempting to setup a VPN, I get this... Here are some of the same drops from the full firewall log Why is this traffic…

Hello, We have created a website that is hosted internally and can be accessible. But we want that website to be accessible on the internet without VPN. (I can access it with VPN) I created a DNAT rule to allow any traffic from outside to that server…

Hello, For a few days we have been receiving disturbing mail notifications from our UTM sophos. I hope you can help me to identify and maybe solve the problem. For security reasons, I replaced the public IP of our Sophos UTM. The notification provides…

Hello everyone, a customer requires us to use the Web Protection of his UTM. He wants to block all sorts of traffic. The moment I activate the Web Protection all VLAN Network separation that is configured in the Firewall is basically gone and I can ping…

Hi, yesterday (sunday) at 3 am SNORT stopped to work with the result that internal nets couldn't reach Internet anymore. In the logs I found FATAL ERROR: Failed to load /usr/lib/snort/so_rules//file-java.so: /usr/lib/snort/so_rules//file-java.so:…

I think what we all were thinking, finished my Sophos UTM Udemy course, thanks for all of your suppor without this community, it wouldn't be easy as much as it is now, I just wanna thank the Sophs Community for your support. If you wanna take a look…

Hello, Today i found something weird on my UTM logs, the client downloaded some files from Internet and i see the the traffic it show opposite direction, the download content should appear as Inbound traffic but below screenshot show totally wrong.…

Newbie question. I am running Sophos Home UTM 9 software appliance on a server I built. I have an app running on a single workstation that needs to communicated in and out on ports 4000 and 4001. I set up the following rules but it doesn't seem to be…

Hello, I am new to the community and am is looking forward to learning for others, especially about phishing. Thanks

UTM 9.707 I recall at some point the firewall log did record the blocked country connection attempts. It appears to not do so any more. cc set geoip log on Returns # cc set geoip log on 0 { 'Nattrs' => [ 'nodelist' ], 'attrs' => [], 'check' =…

Hello guys, I am trying to create a DNAT rule for a server based in a DMZ network. We have a wifi controller in the DMZ where Access Points from different onsite and offsite locations connect to through two different ports over WAN. I managed that…

Hello all, Networking certainly isn't my forte and I've only really been handling our UTM sporadically for 2 years, so please bear with me. I did not install the UTM nor was I the primary admin, but I want to make sure that we're decently secure. …

Hi! Running an SSG330. I have a strange situation and I am a bit at my wits end. I have a subnet attached to a VLAN interface, which is applied on the Sophos LAN interface. I have setup masquerading for this subnet to the SSG330's External interface…