Wow, no. I thought 9.506 was the latest. Is that a brand new device or how do you get that?
↧
Forum Post: RE: When would be UTM 9.507 or UTM 9.6 released?
↧
Forum Post: RE: Site-to-Site IPSec VPN, keeps going down
Hi everybody, I would like to know if those logs comes from vyatta firewall logs? These logs are only about vpn? Otherwise where does those log come from? In case those logs come from vyattta firewall Is there a way to configure the firewall so that to obtain (in the logs) information about ip src, ip dst, mac, packet denied , packet permitted? Thank you very much! Xavier
↧
↧
Forum Post: RE: MS had their own anti-virus system installed on Windows 10?
Hello, " Do I really need to install anti-virus software?" The answer to this question should always be yes. In my humble opinion, Windows Defender which comes with Microsoft Windows is quite robust but given how the malware realm is rapidly changing I would be inclined to suggest you give Sophos Home Premium a run. As soon as it's installed and up-to-date, please run a full system scan and the software should deal with any infection on the machine. Let me know how it goes for you. Thanks, Vikas
↧
Forum Post: Sophos STAS replication with UTM sometimes fails due to UDP?
Sometimes users in the network has connection problems related to user based rules. When this happens, the user is live accodding to the live user log in STAS , but not present in UTM web page for Client Authentication. This happens too often (it should not happen at all). I suspect it depends on UDP and not TCP between STAS and UTM? Or lack of a resend mechanism in STAS for logged in users from STAS to UTM?
↧
Forum Post: Site to site vpn ssl ping
So I have successfully been able to establish a ssl site to site between two offices. I have added the local networks from each site to the ssl config and can see the firewall rules have been auto added. However I'm not able to reach some workstations, for example From site A I can reach the firewalls and aps from site B and vice versa However I'm not able to reach workstations via ping or connect to the shared file storage over the vpn. I can however connect to these workstations via rdp which is strange. Any ideas?
↧
↧
Forum Post: RE: Can't get email notifications to work.
MartinVogt if you want you can use the XG Firewall as "Built-in Email Server" to use him to send the alerts and notifications. This is a workaround until they improve this connection with O365. Thanks.
↧
Forum Post: Set Up for One Time Password (Dual Authentication) on Sophos XG allows any user to set up application for codes
Hi All, We have set up dual authentication on our Sophos XG. When users log into the sophos firewall user portal with just their passwords, they are prompted to set up the one time password. After setting up, they need to sign in using their password and their one time code. The problem is even after they set up their one time password, they are able to sign in and set up another one time password application by signing into the user portal with just their password again. This is a security risk since anyone with an active username and password will be able to set up with second authentication. Is there any way to restrict this? We don't want users to be able to set up their app passwords at any time.
↧
Forum Post: RE: Can't get email notifications to work.
You can use the XG Firewall as Built-in Email Server. Until they improve this issue with O365.
↧
Forum Post: RE: Can't get email notifications to work.
I am sorry to hear that Martin. I would be very interested in knowing what you use instead these days. PM me if you would like to share. I have found it impossible to get anything more powerful for use at home for the price.
↧
↧
Forum Post: Firewall lost connection to SUM - no apparent reason. Anyone got tshooting advice?
SUM version: 4.305-7 SG125 version: 9.505-4 I've been using SUM for about 2 years now and I've never seen it do this. We have ~20 or so Sophos SGs in our SUM portal. The firmware revisions have been on both devices for some time now without any hiccups, however, as of this morning one of them (just one) is claiming it is offline. It isn't offline, it is up and running functioning fine. When I log into the device I see this error in the 'Central Management' area: [1] SUM SSL-connect: 'IO::Socket::INET6 configuration failed'. Under Interfaces & Routing IPv6 is disabled (globally). Looking at the 'Device Agent' log this has been repeating over and over and over (public addresses have been sanitized with XYZ.XYZ.XYZ.XYZ): 2018:02:28-00:00:05 xyzINC device-agent[5477]: 1 is not connected. Trying to connect 2018:02:28-00:00:05 xyzINC device-agent[5477]: Updating SUM IP address for path: acc/server1/server 2018:02:28-00:00:05 xyzINC device-agent[5477]: [1] Connecting to SUM (ip=XYZ.XYZ.XYZ.XYZ), port=4433). 2018:02:28-00:00:05 xyzINC device-agent[5477]: [1] Using SUM SSL connection. 2018:02:28-00:00:08 xyzINC device-agent[5477]: [1] SUM connection failure, retrying (ip=XYZ.XYZ.XYZ.XYZ), port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed' 2018:02:28-00:00:11 xyzINC device-agent[5477]: [1] SUM connection failure, retrying (ip=XYZ.XYZ.XYZ.XYZ), port=4433). SSL-connect: 'IO::Socket::INET6 configuration failed' 2018:02:28-00:00:12 xyzINC device-agent[5477]: [1] Connection failed (ip=XYZ.XYZ.XYZ.XYZ), port=4433). 2018:02:28-00:00:12 xyzINC device-agent[5477]: Not reporting inotify: no role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 1 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 2 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 3 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 4 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 5 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 6 not executing: denied by role 2018:02:28-00:00:12 xyzINC device-agent[5477]: timer2 -> module 7 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 1 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 2 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 3 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 4 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 5 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 6 not executing: denied by role 2018:02:28-00:00:17 xyzINC device-agent[5477]: timer2 -> module 7 not executing: denied by role I've tried disabling and reenabling the central management on the firewall, produces the same errors. I'm pretty certain a reboot is going to fix it. I have a strong suspicion the reason this is happening is I was testing an ipsec vpn tunnel between our offices (same public IP the sum is located at) and this firewall (very strong suspicion because I cannot ping the public IP used by SUM from the SG125, I can however ping other IPs on that same block-- all are configured on a Sophos at our offices. I cannot even ping that address from a machine behind the firewall, I can, however, browse to the webadmin listening on that ip if I browse to https://XYZ.XYZ.XYZ.XYZ:4444 . Going by the timestamp reported by SUM for the router being 'offline' it is at about the same time I was working on this VPN tunnel test.) This is a production network and it is very difficult for us to coordinate downtime, does anyone have any pointers that may help restore connectivity without having to bring the entire firewall down? Thanks
↧
Forum Post: RE: Decrypt and Scan HTTPS invalidates HTTPS certificates
[quote user="GonFreecs"] We're talking about Sophos XG to implement safe search. For it to be implemented well you must enable HTTPs scanning, adding CNAMEs in DNS is different. [/quote] Hi GonFreecs, I work for Sophos, with the XG, and I am well aware of what we support. We support Bing and Google with no HTTPS scanning. Internally are using the CNAME override to do this, but the user won't know this. Yahoo SafeSearch requires HTTPS scanning. The Bing and Google Enforce Additional Image Filters require HTTPS scanning.
↧
Forum Post: RE: Well, i was very excited to upgrade for the "HeartBeat".. still no tools to import HUGE configs to XG from SG on same hardware?
they've been promising a migration tool since they bought cyberroam. What's that been, 2 or 3 years ago now? Still no way to migrate.
↧
Forum Post: RE: Can't remove last interface alias on XG210
Hi Carlos, Restart tomcat service and then try to delete the interface. SSH to XG and go to Advanced Console then execute, service tomcat:restart -ds nosync. Thanks
↧
↧
Forum Post: Install Sophos Cloud endpoint without interaction
We currently install Sophos silently, but we are having the issue of people not waiting for it to install fully because they do not see the install. I would like the install to show the progress, but not allow any interaction (not needing to click "next" and not able to click cancel). It looks as if this is not possible given the switches available. We have pushed several programs over the years and it seems they always have the switch for a non-interactive install. Is there a way to accomplish this with Sophos Central Endpoint?
↧
Forum Post: SVE - Sophos for Virtual Environments - Doesn't set Windows Update Registry key
Hi, as Microsoft communicated that we do not get any new updates until Sophos has set the "special" registry key: "Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key" We have now the following problem that SVE does not set that key, so our virtual Windows installations do not get any new updates now... Is that an error or maybe a forgotten from Sophos?! Thank you!
↧
Forum Post: RE: VPN Tunnel after upgrade to MR5 is continiously establishing new VPN tunnels
Hi Niko, I think you are affected from the issue here . Please contact support to append a fix. The global fix will be release in v17 MR6. Thanks
↧
Forum Post: RE: Install Sophos Cloud endpoint without interaction
I doesn't appear so. How are you going to be rolling it out? E.g. End Users run the exe manually? AD startup script? Some other agent to deploy it? Are you running SophosSetup.exe from a script, e.g. batch file, Powershell, VBScript? It would be quite simple to wrap, SophosSetup.exe with something that can do this if required. If you're already calling SophosSetup.exe from a script that would be useful. Regards, Jak
↧
↧
Forum Post: RE: 'Lockdown' exploit prevented in Internet Explorer accessing Sharepoint site?
Hi Wing I have encountered the same issue since installing Sophos and also those patches for financial websites I've had to add them to the Global Exclusion list but where it is annoying is that one of our users is accessing certain parts of the web page he keeps getting blocked at each bit. Does anyone know of a way to add the whole site to the Exclusion list? Rather than page by page
↧
Forum Post: should I Upgrade then Migrate OR Migrate then Upgrade? or Just uninstall everything and start Again?
Hi Everyone, I have a few question, would greatly appreciate if any one can point me in the right direction. Background Info: we have a Sophos Enterprise Console 5.4.1 running on server2008r2. We have about 200 computers. We have active application control policies aswell as the tamper control and the usual anti virus policies. We have built a new VM - Server 2012 STD and want to migrate our Sophos Console onto that. Now the question is, 1. Should we Upgrade the console to Sec5.5 first and then migrate it from server2008 to server 2012 OR 2. Should we migrate 5.4.1 to server2012 first and then upgrade it to sec5.5? OR 3. Should we completely uninstall sec5.4.1 from server 2008 and then re-install sec5.5 on server 2012 and re-protect the clients and re-do the policies etc. Note* Ther server2008 that is curently hosting sec5.4.1 is a domain controller.. :-( Thank you for any tips suggestion you can give us.
↧
Forum Post: RE: Can't remove last interface alias on XG210
Problem persist, I scroll to the end of address list and when try to click on trash icon system scroll again to the center of the list. I´m using mozilla firefox and the problem occurs with IE too.
↧