This article describes the recommended CLI settings for the application filter in order to better detect and block critical and evasive applications such as Psiphon, Tor Proxy (Tor Browser), Torrent, Ultrasurf, HotSpot Shield, etc. The following sections are covered:
Applies to the following Sophos products and versions: Sophos Firewall and Cyberoam
show advanced-firewall
show ips-settings
set advanced-firewall midstream-connection-pickup off
set ips maxsesbytes-settings update 0
set ips maxpkts 80
set ips packet-streaming on
Along with the P2P and Proxy and Tunnel categories, the applications listed below must be denied in the application filter policy. In the case of CROS, the Micro App should be enabled in the application filter policy.
The same application filter policy (as configured above) must also be applied to the DNS firewall rule, if there is one.
CLI + GUI Settings.
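A practitioner rolling these settings out to several appliances will want a quick way to confirm that each one actually carries the recommended values. The following script is an added example, not part of the original article or of any Sophos tool: it parses a captured copy of the `show advanced-firewall` / `show ips-settings` console output, compares it with the values recommended above, and prints the `set` commands needed to close any gap. The line format of the sample output (`key : value`) is an assumption made for this example; the real console output may be laid out differently, so adjust the regular expression to match what your appliance prints.

```python
import re

# Recommended values taken from the article's CLI commands.
RECOMMENDED = {
    "midstream-connection-pickup": "off",  # set advanced-firewall midstream-connection-pickup off
    "maxsesbytes": "0",                    # set ips maxsesbytes-settings update 0
    "maxpkts": "80",                       # set ips maxpkts 80
    "packet-streaming": "on",              # set ips packet-streaming on
}

# Constructed sample console output (assumed layout, not a real capture):
# one appliance with midstream pickup still on and maxpkts left at 50.
SAMPLE_OUTPUT = """\
console> show advanced-firewall
midstream-connection-pickup : on
console> show ips-settings
maxsesbytes : 0
maxpkts : 50
packet-streaming : on
"""

# "key : value", "key = value" or "key value"; keys are letters, digits, '_' and '-'.
_KV = re.compile(r"^\s*([A-Za-z][\w-]*)\s*[:=]?\s*(\S+)\s*$")


def parse_settings(text):
    """Turn captured console output into a {key: value} map (lower-cased)."""
    settings = {}
    for line in text.splitlines():
        if line.lstrip().startswith("console>"):  # skip echoed prompts / commands
            continue
        m = _KV.match(line)
        if m:
            settings[m.group(1).lower()] = m.group(2).lower()
    return settings


def check_settings(settings, recommended=RECOMMENDED):
    """Return (key, current, recommended) for every missing or deviating setting."""
    findings = []
    for key, want in recommended.items():
        have = settings.get(key)
        if have != want:
            findings.append((key, have, want))
    return findings


def render_fix_commands(findings):
    """Map each finding back to the article's CLI command that corrects it."""
    cmds = []
    for key, _have, want in findings:
        if key == "midstream-connection-pickup":
            cmds.append(f"set advanced-firewall midstream-connection-pickup {want}")
        elif key == "maxsesbytes":
            cmds.append(f"set ips maxsesbytes-settings update {want}")
        else:
            cmds.append(f"set ips {key} {want}")
    return cmds


if __name__ == "__main__":
    current = parse_settings(SAMPLE_OUTPUT)
    for key, have, want in check_settings(current):
        print(f"{key}: current={have!r} recommended={want!r}")
    for cmd in render_fix_commands(check_settings(current)):
        print(cmd)
```

Run it against a pasted console capture instead of `SAMPLE_OUTPUT` to get the list of deviations; a key that is absent from the capture is reported with `None` as its current value so that a renamed or missing parameter is not silently treated as compliant.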
Noticed the recommendation for maxpkts is 80 here but in this guide, it recommends setting between 100 to 300. What is the recommended setting? I'm assuming higher offers better scanning capability but is 300 where you hit a point of diminishing returns?
Sophos XG guides for home users: https://shred086.wordpress.com/
Also, that only applies to V17.x, V18 has more parameters which are not shown.
Just to be sure :-)
maxpkts for V17.x = ?
maxpkts for V18.x = ?
Also noticed, that maxpkts 300 had no performance impact at all but I had less false positives after setting it. (on V18)