Hello, somehow I haven't read anything at all here yet about the processor vulnerability or the "Meltdown" and "Spectre" exploits. Or did I overlook something? Since the HW appliances and the SW appliances almost certainly use processors that also have this vulnerability, I would be interested in an assessment from Sophos or the community of how vulnerable these systems currently are and what possible attack scenarios against the security systems might look like. Are patches from Sophos in the works or announced? And if so, are there already any findings on whether, and how much, performance loss is to be expected on the UTMs? Regards, Marco
Forum Post: Processor vulnerability and Meltdown/Spectre exploits
Forum Post: RE: Processor vulnerability and Meltdown/Spectre exploits
Hi, you can find a little on this if you use the search, which I just did as well; there is a KB entry on it: https://community.sophos.com/kb/en-us/128053#nsg Ciao
Forum Post: RE: Multi Tenant Site to Site RED
Hi Gbridge,
1. See below, "to 1".
2. Unfortunately not. If you only use the UTM to bridge RED to VLAN it will work; if you use the UTM as a gateway for the client networks it won't work, since the UTM has only one routing table. One way would be to add a small NAT router with VRF enabled to gain multiple routing instances and use "1 on 1" NAT to translate the full net to a "datacenter local" unique network.
3. It is possible, see "to 1".
4. --
5. Sophos has partners to sell their products and to do consulting - you can search for a partner or ask Sophos to name one. Sophos helps their partners with uncommon projects.
to 1)
- Create a VLAN interface.
- Create a RED definition (just stop after creating the RED, do not use the newly built virtual "red1" interface).
- Go to Interface Settings, click "Edit" on your new VLAN interface, select Bridge from "Interface type" and add the new RED interface to the Bridge-interfaces selection.
- You're done.
Yours Lukas
Forum Post: RE: Install Sophos UTM 9 on Synology VMWare ESXI 6.5?
Hi Mario, It should be supported, and there are several virtualization platforms which are also supported but not officially mentioned in the KBA above. Alongside, your NAS has good hardware specs to support it efficiently. Thanks
Forum Post: RE: How to Manually Trigger an Alert from SOPHOS CENTRAL ENDPOINT to SOPHOS CENTRAL CONSOLE?
Thanks @Gowtham. But anything via the CMD interface? Basically I am looking for a remote command which I can trigger using psexec.exe on the remote PC.
Forum Post: RE: Install Sophos UTM 9 on Synology VMWare ESXI 6.5?
Hi Mario, to answer your question - ESX and ESXi are the same; UTM on vSphere/ESX(i) 5.1 - 6.5 is supported. VMware merged the ESX and ESXi product lines with the release of version 4 or 5. Prior to that it was a different code base, now it is the same. I don't think it is desirable to run any kind of virtualisation on a NAS box because of its limited resources - please use it only for validation / home use. Yours Lukas
Forum Post: RE: openVPN (SSL VPN) capped at around 20Mbit/s Up/down
This is what my testing shows as well. As I weaken the ciphers I get faster speeds. With a combination of MTU settings and other suggested stuff I get around 20-30 Mbps. On the other hand, I see no hardware bottleneck (CPU load and such). I have now assumed that this is how OpenVPN works on Sophos, and am using it that way. Thanks all for your input!
Forum Post: RE: Cliets show againt 5.7.220 what's meen?
Hi Paul, Thank you for your patience, we have just updated this article with the current status of the roll out: https://sophos.com/kb/128060
Forum Post: RE: SFM / License expired message
Hi Simon, Not sure, but I guess you are referring to the alerts generated via email. You can disable the alerts by navigating to System & Monitor > Alerts > Edit Default AlertProfile > uncheck "Any subscription expires within 15 days". Any help?
Forum Post: RE: Processor vulnerability and Meltdown/Spectre exploits
Thanks! I was probably searching in the wrong place...
Forum Post: RE: DNAT rule v17
Hi Karlos, We have devices with 50 DNAT rules. After the upgrade to v17 the public source ports were converted to objects; now I cannot rename these objects because they are in use. In the DNAT page we cannot identify which ports are used; it is necessary to check each object. We cannot use two objects in the DNAT rule (the GUI allows it, but it does not work). We need a big effort to create a simple rule, and after creating it we cannot change/manage it. IMHO this is a regression, as other users have already expressed the same feeling. With the public source port directly in the DNAT rule, control and management were very simple, like in CR devices. Regards
Forum Post: RE: Firewall Rules and NAT in XG
Hi Paul, I totally agree! In V17 it is a bit more confusing. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/99323/dnat-rule-v17
Forum Post: RE: Pop3 proxy not running - restarted / FW 9.505-4
Hi there, this behavior ("POP3 proxy not running - restarted") remains with v9.506-2. Of course the system works fine, but those messages occur about four times a day, which is kind of annoying. I guess it's time for a "shut up!"-patch ;) Kind regards, Andreas
Forum Post: How to create a Web category from external source
Hi to everyone, I want to import filter lists from uBlock, for example. I know I can create a custom category and point to a URL with a text file. But Sophos XG can only handle http connections! I found a workaround. That's not my problem. Every list I tried out is not working. It gives me errors like: list too long or: not formatted right. So, can someone please tell me how these files have to be formatted?
Forum Post: RE: Cloud web gateway - client machine memory usage
Hi Andy, It would seem normal as far as its usage is concerned. As it is a shared resource, you may check the total RAM consumption on your system, i.e. % RAM utilized on your system.
Forum Post: RE: SFM / License expired message
Hi Sachin, Thanks for your help. No, that's not the solution for me, because I would like to get an alarm if a license expires. But I don't need an alarm if a trial license is expired. We started on Azure with trial licenses and now we bought the licenses for Webserver and Network. But we receive an alarm every day for the other modules. Is it possible to reconfigure the XG so that expired licenses are in another state than expired? Not configured or something else... Best regards, Simon
Forum Post: RE: CISCO VPN broken after XG 17 release
Sorry for the late response Adam,
AdamMickiewicz wrote: "In case you need debug logging, let me know."
Please PM me the debug logs if possible. Otherwise via email. We are currently verifying if and what kind of problem is present in relation to dynamic WAN links and IPsec.
Forum Post: RE: Meltdown and Spectre
That does not answer Olivier's initial question. The question he asked, and for which he is still needing an answer, is whether Intercept X will help give any protection - now, soon, or ever - against threats which exploit the Meltdown and Spectre vulnerabilities. I'd like an answer to that question too, as it seems to be exactly the sort of thing we would expect to see Intercept X handle - suspicious looking activity around known exploit vectors. Can we get an answer for that, please, even if it's a 'no'?
Forum Post: RE: Upgrade SEC from 5.4.0 to 5.5.0
Hello warnox, sorry for the delayed reply, I've been away.
"I can't see a mention of 10.6.4+ [...] being compatible"
SEC 5.4.1 came out a year ago, at this time All supported [SESC for Windows] versions (you've quoted this in your initial post) definitely included even 10.6.3.
"at what Endpoint/RMS version did TLS 1.2 become compulsory"
compulsory is perhaps not the right word and it's not the RMS version that mandates TLS 1.2 but SEC. The SEC 5.4.1 - Use of ... article has more details. The simple conclusion is though: Any Windows endpoint that is up-to-date is "compatible" with SEC 5.4.1/5.5.0.
Christian
Forum Post: RE: Multi Tenant Site to Site RED
Hi Lukas, Thanks so much for the help! I should have mentioned that I am a Sophos Partner, but I have never done something like this..... I am/was hoping that someone has done/is doing this already..... Thanks again, G