I'm receiving a lot of IPS alerts with SID 57103 for diferent destination IPs.
Out of interest, if you open:
What is UseHttps set to?
Olá Fabio and welcome to the UTM Community!
Excellent and thorough explanation of the situation. I think this needs to have someone look at it - probably a 2nd- or 3rd-level engineer at Sophos Support as it involves both UTM and Intercept X. Please share with us what they conclude.
Cheers - Bob
Hello, thanks for the reply!
I checked the file you indicated, precisely in the UTM where I have these IPS alerts the UseHttps parameter is set to zero:
In other environments (completely separate Sophos Central and UTM customer) this option is set to 1.
Do you know if this option is adjustable from Sophos Central? In the iconn.cfg file there is an indication not to edit it directly, I don't know if doing this will impact the endpoints.
I found in Sophos Central where to change the update option to HTTPS, in fact in this client it was set to HTTP. I changed it to HTTPS and I will monitor if IPS alerts stop.
I will monitor and report the result.
Hi, thanks for the reply!
I'm testing the update change to HTTPS on these customers, but in parallel I'll trigger Sophos support as suggested. Having an answer from them I share with you.
After enabling update via HTTPS the alerts stopped, thanks!