
Stop Adv. Threat Protection alert without whitelisting?

Hello,

The Advanced Threat Protection of an SG135 is notifying me about a DNS host queried by one of the network clients.

I found out that this is caused by a WiFi radio which is trying to get internet radio station lists from an (obviously) old server called 'radiobeta.net'.

There is no firmware update available for the device, so I'd like to stop the alarm without adding this DNS hostname to the whitelist of ATP.

How could this be achieved? I tried a firewall rule silently dropping requests to this DNS host but ATP still warns me when the query occurs.

Thanks in advance.

Cheers,

VUTM2018



This thread was automatically locked due to age.
  • Hallo and a belated welcome to the UTM Community!

    It would be interesting to see the complete message sent by ATP.

    Read through #2 in Rulz (last updated 2019-04-17) to understand that a firewall rule probably can't do what you want.  A DNAT probably will.

    Before creating a DNAT, I'd be interested to know if creating the following Request Route solves your issue:

    If that does work, it would also be interesting to know if using 8.8.8.8 as the target server works.

    Cheers - Bob

    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Hello VUTM2018,

    I don't know of such a feature. But it would be useful.

    Please check and vote within feature-requests:

    https://www.sophos.com/en-us/support/feature-requests.aspx


    Dirk

    Systema Gesellschaft für angewandte Datentechnik mbH  // Sophos Platinum Partner
    Sophos Solution Partner since 2003