I'm receiving a lot of IPS alerts with SID 57103 for diferent destination IPs.
Out of interest, if you open:
What is UseHttps set to?
Hello, thanks for the reply!
I checked the file you indicated, precisely in the UTM where I have these IPS alerts the UseHttps parameter is set to zero:
In other environments (completely separate Sophos Central and UTM customer) this option is set to 1.
Do you know if this option is adjustable from Sophos Central? In the iconn.cfg file there is an indication not to edit it directly, I don't know if doing this will impact the endpoints.
I found in Sophos Central where to change the update option to HTTPS, in fact in this client it was set to HTTP. I changed it to HTTPS and I will monitor if IPS alerts stop.
I will monitor and report the result.
After enabling update via HTTPS the alerts stopped, thanks!