yesterday (sunday) at 3 am SNORT stopped to work with the result that internal nets couldn't reach Internet anymore. In the logs I found
FATAL ERROR: Failed to load /usr/lib/snort/so_rules//file-java.so: /usr/lib/snort/so_rules//file-java.so: file too short
Disabling IPS gave Internet back to local nets. No need to say that nothing was done at UTM level since weeks.
If someone had an idea on why does this suddenly happened, what does it mean, and finally how to solve it.
I found a similar one solved 7 months ago: https://community.sophos.com/utm-firewall/f/general-discussion/131375/solved-ips-blocks-all-network-traffic/483112#483112
You probably need to delete /var/chroot-snort/usr/lib/snort/so_rules/file-java.so instead of the one mentioned in the post by emmosophos.
Cheers - Bob
Well, IPS can't update as Sophos repos are still not accessible in ipv6. How can this be true in 2022 specially from a IT company like Sophos !
I *think* it had something to do with repository accessibility depending on where in the world the UTM is located. Not making excuses, just stating what I believe the culprit was/is.
Redundancy is such a norm now, even for us home users. I have backups for my backups, lol.
XG 19.5 GA 64-bit | Intel Xeon 4-core v3 1225 3.20Ghz 16GB Memory | 500GB SSD HDD | GB Ethernet x5