Our use case for this is more along the lines of looking at logs, ingested through Splunk, and being able to filter off of a name of an exception list not taking into account the checks for this. Seeing if a rule has been used, maybe to help us determine if an exception list is used(still used or perhaps last used) or which is the most used, finding a rule then filtering on particular servers, or being able to filter out when a particular one was used to correlate other events, among other uses.
↧
Forum Post: RE: Is there a way to capture the exception list name in the logs?
↧
Forum Post: Spotify not working when scan http is on
So it seems since last week (perhaps when i last updated firmware on the firewall, we are running SFOS 17.5.5 MR-5 ) THICK client spotify requests are not going through. the web client works fine. I have found a work around which was to turn off HTTP scanning on the firewall rule. So firstly, is this a known issue with this new firmware? secondly, i dont want to turn http scan off, so is there another work around? and thirdly, where is the log for http scanning? becuase i have looked through many of the logs (firewall, ips, web content, etc) and cannot find any logs to do with this problem. I see some denied requests from the client to akamai, but i am not sure if that is spotify or not. I have seen the related post about https scanning and spoitfy, where it suggests doing an exception, however i think spotify uses several domains. https://community.sophos.com/products/xg-firewall/f/firewall-and-policies/108889/spotify-and-decrypt-scan-https anyways i am going to try that next, but its annoying to have to do this. i feel like its a bug.
↧
↧
Forum Post: RE: 25 digit Product Key not provided
I've already contacted the support email (support@sandboxie.com) giving the screenshot of the issue, the registration keys, etc. and they haven't solved the problem… They told me to post the problem in the forum… And in the forum you are telling me to contact the support email ( support@sandboxie.com )… That means the problem will never be solved...
↧
Forum Post: RE: unlock Code
Hallo Markus, Herzlich willkommen hier in der Community ! (Sorry, my German-speaking brain isn't creating thoughts at the moment. [:(]) I don't know if the policies have changed, but it was impossible for anyone other than the original buyer to get the unlock code from Customer Service. This was explained to me as a way to thwart theft. You can call them and try, but I bet you will need to ask the company from whom you bought the RED to get the unlock code. MfG - Bob (Bitte auf Deutsch weiterhin.)
↧
Forum Post: RE: 25 digit Product Key not provided
Hi Matteo, We are looking into your problem, and it will be solved. The TLS information, and your activation steps were requested via Support@sandboxie.com and they have not received them. Also, as stated via the support email, we have involved the devs now that we have a thread open. The rest of the troubleshooting will need to take place via email, as it will most likely involve using personal information (such as your keys), which cannot be posted in the forums. Thank you!
↧
↧
Forum Post: RE: Spotify not working when scan http is on
creating a blanked spotify.com exception (under web) has fixed the problem. i would like a better solution though.
↧
Forum Post: RE: 25 digit Product Key not provided
Thank you.
↧
Forum Post: Multiple subnets on same LAN
Our Lan is on range 192.168.0.0/24 and I would like to add another subnet to our LAN 192.168.1.0/24 to allow for more devices on the network as we are running out of IP addresses. Our DHCP is handled by a Windows 2008r2 server where I setup a superscope with the 2 scopes in it for the aforementioned subnets. In the sophos xg we have the primary subnet as 192.168.0.0/24 with 192.168.0.254 as the gateway. So far I tried setting up an alias with 192.168.1.254 however that did not work and produced some strange results. What do I need to do to get this setup to route properly in the XG? Thank you for your help.
↧
Forum Post: RE: how to fix sophos endpoint installation failed ?
I would suggest to run Wireshark to create a packet capture, then: 1. Look at the client hello to see the version of TLS 2. Follow the stream of the secure connection, do you see maybe a third party certificate reference, could it be that you have some Cloud based web proxy that is inspecting the traffic? Regards, Jak
↧
↧
Forum Post: Secure Web Appliance VS XG Firewall for Web security
Anyone use XG firewall to replace the web appliance I was told the XG is the replacement for straight up web filtering . any feedback helps
↧
Forum Post: RE: Network Threat Protection not running
You can manually create the key to fix it. E.g. [HKEY_CLASSES_ROOT\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}] "LocalService"="SophosNtpService" For example using the reg.exe command: REG ADD "HKCR\AppID\{C092D533-8791-42F8-8EBE-DB116F79B4B7}" /v LocalService/t REG_SZ /d "SophosNtpService" /f Then maybe: sc.exe start sntpservice This isn't a key that is protected by Tamper Protection so no need to disable that first. Regards, Jak
↧
Forum Post: RE: 25 digit Product Key not provided
↧
Forum Post: RE: New Config UTM Home 9.6, a lot of Websites and Services dont work, mostly those with let'encrypt CA. Handling of Certificates Problem
how can i turn off https inspections? Webfilter Globals is tranparent mode Webfilter HTTPS is url filtering only I changed on both tabs a lot, but no success. i am confused by all that reading and trying and nothing goes better. i read online help in both english an german but didn't find out what to do.
↧
↧
Forum Post: RE: New Config UTM Home 9.6, a lot of Websites and Services dont work, mostly those with let'encrypt CA. Handling of Certificates Problem
hi Bob The error message i got was Timeout (Zeitüberschreitung) and i didnt find the matching in Web Protection log. there is no line matching the webside URl , i had tested with. cheers Ursula
↧
Forum Post: Cant get to user portal
I get an error trying to browse the User Portal. Can’t connect securely to this page This might be because the site uses outdated or unsafe TLS security settings. If this keeps happening, try contacting the website’s owner. Any thoughts?
↧
Forum Post: RE: Multiple subnets on same LAN
the easiest method to increase the number of hosts on a network would be to change the subnet mask of your existing network to accomodate more hosts eg /16 instead of /24. But this involves ip address planning . if you plan your ip scheme right then you wouldnt need superscope to increase the complexity/load of your dc.
↧
Forum Post: RE: Multiple subnets on same LAN
Thank you for your response. I have several VPN setup that include vpn that would be within this scope such as 192.168.2.0/24 and 192.168.3.0/24. If I changed the subnet mask to /16 would that cause issues with the site to site VPNs?
↧
↧
Forum Post: RE: Multiple subnets on same LAN
from your post i understand your existing network is 192.168.0.0 /24 You want to increase the number of hosts on the network You also have site to site connectivity ( IPSEC VPN) from 192.168.2.0 , 192.168.3.0 to your network 192.168.0.0 how is it currently setup for these site-to-site vpn now. https://community.sophos.com/kb/en-us/123140
↧
Forum Post: RE: New Config UTM Home 9.6, a lot of Websites and Services dont work, mostly those with let'encrypt CA. Handling of Certificates Problem
Bitte Ursula, i ch hätte gerne ein Bild der Fehlermeldung gesehen. MfG - Bob
↧
Forum Post: Can't route only one subnet. Help please.
Hello guys, I have a big problem here, I need to route the network 192.168.127.0 through gateway 192.168.127.1, and, for all others networks its ok and the XG routes everything ok, but, for this network my LAN can't reach an server in 192.168.127.0/24 subnet. Below the Unicast routing table for my firewall, and then the kernel routing table (where the gateway for 192.168.1270 subnet is missing) What I need to do to add the correct gateway for 192.168.127.0/24 subnet. It driving me nuts.
↧