Running with it since the soft-release. I thin aI see an increased memory usage from the http proxy, anyone seeing this? 810 9345 33.9 36.9 1812024 1484612 ? Ssl 20:40 0:33 /var/chroot-http/usr/bin/httpproxy -f -c /var/chroot-http -u httppr Having 4gb memory in the appliance and it's a 88%, when I shutdown http proxy it moved to 41%. Only my private servers are behind and no throughput to talt about :-) (Runnning on old UTM 320 appliance with SSD) Regards Martin
↧
Forum Post: RE: Version 9.508 - report on experience
↧
Forum Post: RE: Some Sophos services are not running/missing
In response to the OP question "How to I start these services remotely?" Assuming that the services aren't missing or broken (and assuming you haven't already used it) consider using psexec ( https://docs.microsoft.com/en-us/sysinternals/downloads/psexec) . It's a fantastic remote command line utility that lets you easily run any CLI command on a remote system that you can run locally. Feel free to IM me if you haven't used it and run into problems. I've used it extensively in many environments (I used to work at an IT MSP). Alternatively, the pre-existing command ` sc ` supports remote computers as well, though it is specific to services, where psexec is not. I will typically run the following in order to run several commands remotely: psexec \\{computername|ip} /h cmd That launches a remote cmd shell, which acts just like I was sitting at the remote computer with a command prompt window open.
↧
↧
Forum Post: RE: Webfiltering "statuscode=502" "Host not found" at serveral sites.
Hi Simon - you've been around for awhile, but this is the first time I've seen a post from you - welcome to the UTM Community! In my experience, there are only two ways to fix a 502 error. To me it means that there's something about the Proxy that the web server doesn't like. If creating an Exception for antivirus doesn't resolve the problem, you must skip the Proxy for the FQDN using DNS Group definitions in the 'Skip Transparent Mode' destination list. Cheers - Bob
↧
Forum Post: RE: VPN SSL UTM9 to Mikrotik
Pryvit Maks and welcome to the UTM Community! Start with a Google on site:community.sophos.com/products/unified-threat-management/f ipsec mikrotik and then ask specific questions after you read about others' solutions. Cheers - Bob
↧
Forum Post: RE: Proxy CA certificate is expiring
I no longer get emailed, but I am not sure what I did to resolve it. I know I did several things; Regenerated certs in the web GUI Changed out all the certs for the regenerated ones Deleted all the obsoleted certs, CAs etc Used the info from kerobra above to identify the cert, using the SSH command line. Can't remember if I deleted a cert using the SSH command line? I think I restarted after the above, in order to ensure no old cert was being referenced
↧
↧
Forum Post: Intercept X 2.0.2 Performance Issue
Have any one notice performance issue with Sophos Intercept X -2.0.2 I did a test with my Lenovo T470 , 8 GB RAM , SSD - Without Sophos Install the Boot Time is 8 Sec, Skype for Business Auto lunch and log in 29 Sec With Sophos Install the Boot Time is 29 Sec, Skype for Business Auto lunch and log in 1 min 10 Sec With Sophos Install without Intercept X the Boot Time is 9 Sec, Skype for Business Auto lunch and log in 40 Sec We are also noticing I.E crashes in Win 10 OS. I saw another discussion on IE and intercept X in this forum.
↧
Forum Post: RE: UTM 9.508-10: Recipient varification with Active Directory still not working?
Hi @ all, tanks for your replies. I have configured the Domain Controller to accept plain LDAP connections. Now recipient verification is working. If I switch back to LDAPS, recipient verification is not working. Any ideas why LDAPS is not working with recipient verification? User authentication is working with LDAPS. regards, Frank
↧
Forum Post: RE: Limiting CIFS traffic over RED tunnel
Hi Alberto and welcome to the UTM Community! I would not select Limit uplink/downlink unless you are paying for the connection by the volume of traffic passing. I would not select 'Upload optimizer' unless you have no Bandwidth Pools using that interface (this will be the case if you use my suggestion below). Rather than "Any" in your Traffic Selector, I would use a Network or Network Group containing the remote networks. Rather than putting your traffic selector in a Bandwidth Pool, use a Download Throttling rule on eth0. To limit the traffic in the other direction, you will need similar rules for your local interfaces in Site 1 with an inverse Traffic Selector. Cheers - Bob
↧
Forum Post: Sophos Central Windows Server Protection – Remote Desktop (Terminal) Services (KB 127299)
This line raises a question: "In addition to a Server license for the server, all Users connected to the Server will also consume an endpoint license." If each user already consumes a license for their endpoint, will an RDP connection to a protected server consume an additional license? Or since it's a user license, will the same license apply to both the user's endpoint and their RDP session on the server?
↧
↧
Forum Post: RE: Sophos XG Home Edition installs as an appliance on my PC
I feel better knowing that I am not going insane. I am installing to the same PC and nothing changed except now the software installer is installing as hardware. So to debunk a theory about my PC changing. I was able to install a previous version SW-SFMOS_15.01.0_MR-3-447 and you guessed it. It installed properly as a software based firewall running on my PC. So i'm concluding that something has definitely changed within the .iso file. support has requested i try installing with virtualization disabled in the bios. Im goin to try that shortly & report back with an update.
↧
Forum Post: How to block VPN apps?
Hi all, I have a XG 550. I would like to block VPN apps like X-VPN, UltraVPN or something like that. I created an application filter policy following this guide https://community.sophos.com/kb/en-us/123108 I also block all proxy and VPN app listed in Application Filter Criteria. But user still can use X-VPN to bypass the XG. My XG running 16.05.8. Please give me some advice. Thank you.
↧
Forum Post: RE: Some Sophos services are not running/missing
That's all well and good, but seriously - how many other pieces of software are you required to fix like this after an update? I cant name any. Also, another HitManPro update today, another reboot required. (at least on some) *sigh*
↧
Forum Post: RE: Some Sophos services are not running/missing
Say....I don't have Sophos installed on any Servers here. Have they been required to reboot as often as desktops? Curious. Tks
↧
↧
Forum Post: RE: Is it possible to allow access to specific ports based on MAC address and block access to the ports for the rest?
Sorry, I get wrong with your requirement. You want to filter the incoming MAC from WAN. But the source MAC was replaced after they pass through router. So it is impossible to filter the incoming MAC from WAN. I apology for misunderstanding...
↧
Forum Post: RE: Some Sophos services are not running/missing
They don't appear too. I think I've seen one reboot required in the last year. Besides the agent being fairly bloated (big install compared to most 'next gen' AV) - seems to be okay. This is why I cant understand why endpoints require so many restarts. Edit: I should mention we only run it on a handful of servers currently. We have the license for many more to implement into AWS - but that has been quite painful. Reasons being, the install is very slow compared to other AV's (especially with the new installer) and it wants a reboot after install, which would be fine if it installed faster, but its doesn't. I'm also very fearful if I roll-out server wide, I'm going to end up with the same problems as I have now on the endpoints. I cant have that on the servers. I'll be rolling out to a few first and any issues and I'll be asking for the money back.
↧
Forum Post: RE: Disabling Tamper Protection in AWS
Hey WomboCombo, Found the problem was due to how long the product takes to install. The current sequence of spinning up, installing all other required software, joining domain and then rebooting doesn't allow enough time for Sophos to install (by far the longest) Not really sure what our options are now.
↧
Forum Post: RE: Interface based firewall rule for ospf
We are the partner but new to the platform. I should probably just call support but I like having this available for others who may have the same issue. We have a MPLS on E4 that uses OSPF to distribute routes to and from all other sites. The routing portion is working great but having to add all company networks to every firewall to create an allow all firewall rule is very time consuming and defeats the purpose of the ospf. I would like to create a rule for the interface itself or set the interface to a LAN zone like in the new XG series.
↧
↧
Forum Post: RE: How do I get rid of Sandstorm Module Expired message?
I have the same annoying issue. It isn't life-threatening - just annoying. I actually would consider purchasing, however I can't get a quote. Regards, Gary
↧
Forum Post: RE: How do I get rid of Sandstorm Module Expired message?
Hey GaryChancellor Have you tried to contact your Sophos Reseller or Partner to inquire? Please note that we have a Partner Locator tool to assist in helping you locate a local partner. Best, FloSupport | Community Support Engineer
↧
Forum Post: Sophos Endpoint with Enterprise Console couldn't control internet traffic on Firewall with LDAP integration
I have an on prem enterprise console and not using Web filter. After integrated my firewall "FortiGate" with LDAP for users internet traffic filtering to log the user traffic activities. Currently what I see on my firewall is not actual username from individual computer, instead all the traffic going through showing as a Sophos update manager service account which I use to install Sophos Endpoint. I was investigating this phenomenon why the user traffics are not showing correctly and found out that there are 2 services running background "Sophos Web Control" & "Sophos Web Intelligence". After stopped that 2 services, the firewall starts showing the user traffic correctly with according to the username login to that particular computer. I don't use these 2 services and already disable/turn off those features on enterprise console. I tried to disable these 2 services but it always back to enable state after the updates are installed.
↧