
Sophos Web Appliance SMBv1 Dependency.

Hi,

I would like to ask:

Would there be any development in Sophos Web Appliance that supports SMBv2 or above?

A friend of mine disabled SMBv1 (in response to the Wanna Ransomware), which makes the Active Directory integration no longer work.

They are also aware of this KB.

https://community.sophos.com/kb/en-us/126757

 

Thanks,

tech



This thread was automatically locked due to age.
  • We are in the process of upgrading the SMB/AD integration components on the Web Appliance and will be publishing an update to the product as soon as that work is complete and fully tested. This will allow the SWA to connect to AD services that have disabled SMBv1.

    We hope to do this before the end of July.

  • Ok ...

    No Sophos fix on the horizon.

    Would it be possible to at least publish a guide to harden networks (assuming a hypothetical basic and simple network) as much as possible in such a regrettable situation?

    What needs to have SMBv1 re-enabled?
         Domain controllers?
         File servers?
         Database servers?
         Desktops?
         Anything that accesses Sophos Firewall?
         Anything that accesses Sophos WEB gateway proxies?
         Exchange servers with or without Pure Message?

    What Windows Firewall rules can we push (via GPO or not) to have such nonsense limited as much as possible?
         Inbound rules?
              On which machine?
                   DCs, desktops, anything else?
         Outbound rules?
              On which machine?
                   DCs, desktops, anything else?

    A starting point here. Scroll down to the third post from M. Andy Pan.
    https://social.technet.microsoft.com/Forums/en-US/6cdee681-7f92-4562-be36-539f458fda58/firewall-rules-to-allow-smb1-to-specific-ip-addresses?forum=winserverNIS
