
Sophos UTM: How do we check an Advanced Threat Protection (ATP) case if the source IP address or host is the IP address of the Sophos?

Hi all,

I have a problem with a Sophos SG 135.


I have two Sophos devices in different places (Office A & Office B). Office A is using a Sophos SG 230 and Office B is using a Sophos SG 135.


I've already configured a Site-to-Site VPN between offices A and B.


Recently, I received a notification email from the Sophos SG 230 at office A related to "Advanced Threat Protection".

http://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/C2~Generic-A.aspx


Notably, the source IP address or host is the IP address of the Sophos SG 135 at office B.

This is the log from the Sophos SG 230; both have been upgraded to firmware version 9.702-1.



Can anyone tell me what happened? Is the Sophos SG 135 at office B infected with a virus?



  • It could be a local PC inside the network communicating to this site over the proxy, but that's only speculation with no more information.

    You should check the web protection logs to see if you can find this same URL being browsed to; that might get you back to the real source inside your network.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
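
As an added example (not part of the original thread and not Sophos code), here is a sketch of the log check suggested above: given Web Protection log lines, list which internal clients requested the flagged host. The key="value" field names (`srcip`, `dstip`, `url`, `action`) and the sample lines are assumptions constructed for illustration, and `flagged.example` stands in for the host named in the ATP alert.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines (not real log data); the key="value" layout is an assumption.
SAMPLE_LOG = """\
2020:03:10-09:14:02 utm httpproxy[5120]: action="pass" method="GET" srcip="192.168.20.31" dstip="203.0.113.7" url="http://flagged.example/gate.php"
2020:03:10-09:14:09 utm httpproxy[5120]: action="pass" method="GET" srcip="192.168.20.44" dstip="198.51.100.9" url="http://notflagged.example/"
2020:03:10-09:20:41 utm httpproxy[5120]: action="block" method="GET" srcip="192.168.20.57" dstip="203.0.113.7" url="http://cdn.flagged.example/a.js"
2020:03:10-11:02:17 utm httpproxy[5120]: action="pass" method="POST" srcip="192.168.20.31" dstip="203.0.113.7" url="http://flagged.example/gate.php"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Split one log line into its timestamp and key="value" fields."""
    fields = dict(FIELD_RE.findall(line))
    fields["timestamp"] = line.split(" ", 1)[0]
    return fields

def matches(fields, indicator):
    """True if the request went to the indicator (host, subdomain, or destination IP)."""
    url = fields.get("url", "")
    host = (urlsplit(url if "://" in url else "//" + url).hostname or "").lower()
    # Require a dot boundary so "notflagged.example" does not match "flagged.example".
    return (host == indicator or host.endswith("." + indicator)
            or fields.get("dstip") == indicator)

def find_sources(lines, indicator):
    """Map each internal source IP to hit count, first/last seen and proxy actions."""
    indicator = indicator.lower().rstrip(".")
    hits = defaultdict(lambda: {"count": 0, "first": None, "last": None, "actions": set()})
    for line in lines:
        fields = parse_line(line)
        if "srcip" not in fields or not matches(fields, indicator):
            continue
        entry = hits[fields["srcip"]]
        entry["count"] += 1
        ts = fields["timestamp"]  # this timestamp layout sorts correctly as a string
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        entry["actions"].add(fields.get("action", "?"))
    return dict(hits)

if __name__ == "__main__":
    for src, e in sorted(find_sources(SAMPLE_LOG.splitlines(), "flagged.example").items()):
        print(src, e["count"], e["first"], e["last"], ",".join(sorted(e["actions"])))
```

If the alert names only a destination IP, pass that IP as the indicator instead of a host name.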

  • I checked everything in Logging & Reporting -> Network Protection and Web Protection but did not find any information.

    Thank you very much