We are also seeing this error and we use Trusteer Rapport to access our online banking. What was the resolution for the problem? It's aggravating to see the alerts and I am not sure if the product is actually being blocked, meaning our Accountants won't be able to access our corporate banking websites.
↧
Forum Post: RE: Safe Browsing detected browser Internet Explorer has been compromised
↧
Forum Post: RE: Visio Stencils
Are there any newer versions that would include the XG series? Or where would we go to even make this suggestion?
↧
↧
Forum Post: RE: Sophos UTM update 9.411-3 released
Installed on several installations last night (all were on 9.408), some software, some hardware. All has gone well during the first day after the install.
↧
Forum Post: Replace Cisco 1921 With Sophos?
Not sure where this question would go other then Initial Setup. It's more of a design question but its the closest group I could find. Currently our main office has a Sophos XG310 and a Cisco 1921 used for a point to point connection with a branch office. The point to point carries tagged info for three VLANs and has voice priority for DSCP EF (46) QoS and also for one of the three VLANs (kinda a backup in case the traffic wasn't tagged). This works fine. However we are adding another branch office and will have a Sophos XG125 in that office (for local internet). Can the Sophos do the routing in place of a Cisco 1921 with the QoS? In other words can I forward traffic from the main office (10.10.*) to the suboffice (10.20.*) with those three VLAN's and then give priority to the VLAN for voice traffic? It would be nice to not have to have the Cisco boxes in addition to the Sophos at each location. -Allan
↧
Forum Post: RE: How to disable Sophos Endpoint Defense without booting into safe mode
Hello Christopher Thompson , I hope they do something with the logs. Seems that under certain circumstances the Central installer paints itself into a corner. It's somewhat, err, funny that SED is apparently in full operation before the product is successfully installed. Christian
↧
↧
Forum Post: RE: Ransonware detection (cryptoguard) kills Illustrator CC 2017 performance (unresponsive)
Hi Aditya, We implemented the suggested exceptions, unfortunately it had no effect. Illustrator appears to stop responding every 5-6 seconds without any user action Any other suggestions? Shane
↧
Forum Post: RE: How do I submit a false report file
Hello muadz mahyuddin , vendors listed on VirusTotal can opt to receive samples of uploaded files, Sophos did it - dunno if this is still the case. As to your question please see Submitting samples of suspicious files to Sophos. Christian
↧
Forum Post: RE: Does 10.6.3 supports windows server 2012 R2
Hello Ravi Chandra, short answer: yes. Detailed answer - please see Supported Windows Platforms (the link is on the Community Hone Page under QUICK LINKS ) Christian
↧
Forum Post: RE: Port Forwarding Problem
The settings look good. Is the destination address of the firewall screenshot the WAN or LAN address? First please check, if the DNAT rule is enabled. I mean new rules are disabled in standard, but I'm not sure. Then you should check and post the firewall rule. You can view them by selecting "Automatic Firewall rules" in the firewall settings. If everything looks fine, you should try to create a firewall rule by your own, and not automatically by the DNAT rule.
↧
↧
Forum Post: Webserver in DMZ - Zugriff vom LAN aus auf DynDNS-URL
Hallo, ich habe folgende Situation bei mir: Unitymedia --> Fritzbox (Port 1) --> Bridgeport --> UTM --> LAN (192.168.1.0/24) / --> DMZ (192.168.11.0/24) Die Fritzbox ist am Port 2 (192.168.11.1) mit dem DMZ Port verbunden. Damit kann ich die FB (die ja hinter der UTM liegt) auch vom LAN aus ereichen. Die UTM hat den DynDNS Namen home.dyn.xx Die Fritzbox hat den DynDNS Namen cloud.dyn.xx Ich habe jetzt einen Rechner mit Ubuntu + Owncloud aufgesetzt. Dieser steht in der DMZ und verwendet als Gateway die Fritzbox (dort dann auch die Portweiterleitung). Aus "fremden" Netzen (LTE oder anderer Internetanschluss) erreiche ich die Owncloud unter cloud.dyn.xx - funktioniert alles top. Aber aus meinem LAN wird die Adresse cloud.dyn.xx nicht aufgelöst. Ich kann die Owncloud aus dem LAN "nur" über die IP (192.168.11.2) erreichen. Woran liegt das? Ich habe es extra direkt an die FB angehängt, damit nicht der DynDNS Namen der UTM aufgerunfen werden muss. Woran liegt es, dass der Aufrug der URL (cloud.dyn.xx) nicht durch die UTM ins Internet geleitet wird und dann wieder bei der Fritzbox ankommt? Habe ich einen grundlegenden Denkfehler? Danke und Grüße Frank
↧
Forum Post: RE: List of possible log Events for SIEM integration
I was doing the same thing, but wanted a definitive list of all the possible events from the Sophos-XG firewall. So I found the database tables on the firewall and did a select to generate the list. Specifically I wanted to get the event ID, severity, type, and text of the message to load into my SIEM (I use Alienvault) so that it would show something more meaningful, and allow me to do realistic thresolding and correlation of stuff coming from Sophos. Now, instead of just seeing a generic IPS message in Alienvault, I see specific event names and details. Of course, as Sophos adds new signatures, my snapshot will become out of date, so I need to find a way to keep it in sync. Already, I'm getting a few "generic events" indicating somethings falling through to the catchall event, but I can deal with those.
↧
Forum Post: RE: Log In
I arrive at this log in page from the scan 'Home Dashboard' button. I use exactly the same password as I used to enter the Forum. No Forgot Password on this screen--just Need Help?
↧
Forum Post: RE: List of possible log Events for SIEM integration
I have not. I use syslog to send events from Sophos to my SIEM, and it works fine. My problem was that my SIEM didn't have mappings from the event ID to anything useful (like the severity, type of event, description, etc.). This was just an extract from the database to allow me to populate the SIEM. There's still work to do. My SIEM (Alienvault) has event types and severity, but of course they don't map one-to-one to those used by Sophos. But at least my SIEM reports now list the type of event that SOphos is seeing.
↧
↧
Forum Post: RE: unauthenticated users can use LINE Message
What information should I offer you?
↧
Forum Post: RE: Where to set maximum file download size?
Thanks, i added this request on ideas.sophos.com. Block downloads larger than (which size we want)
↧
Forum Post: RE: Which appliance can handle a routing table with more than 15.000 routes learned through BGP?
Thanks for the reply lferrara and for quoting those guys.
↧
Forum Post: How do I do Manual Clean up of this for my MacBook Pro?
I do not know how to remove a malware. I received this notice, which requires "manual cleanup" 'Mal/Phish-A' at '/Users/myname/Library/Mail/V4/5B6AF76D-B5EB-43F7-BC71-790E5606F2AD/Trash.mbox/E43941DA-8853-48E3-B924-C34C9267C455/Data/0/8/5/Attachment
↧
↧
Forum Post: Hi! please Change my Profile (username) to Diana G
Hi! please Change my Profile (username) to Diana G
↧
Forum Post: RE: List of possible log Events for SIEM integration
The context here was Sophos Central API and not firewall. I am running the Sophos API script to pull endpoint events in CEF format. This puts them in a flat file, that I use a SIEM agent to monitor and pull in new entries. You can also forward them a syslog output, but I'm running a 15 minute task scheduler job on the Windows server that is doing my AD Sync as well. You just have to install Python first, then you can configure and run the script. Everything is located here: https://community.sophos.com/kb/en-us/125169
↧
Forum Post: Configure Sophos SG 135 (UTM 9) to allow Microsoft Routing and Remote Access Service (Microsoft RRAS)
Hi Everyone, I have question on Sophos firewall and I am new to Sophos appliances. Question/I need to ---> Configure Sophos SG 135 (UTM 9) to allow Microsoft Routing and Remote Access Service (Microsoft RRAS). Customer requirement ---> Microsoft RRAS and Direct Access have to be used and allowed to all remote users. Firewall or 3rd party VPN isn't an option. Issue ---> 1. When I add all standard rules: Firewall, Network, NAT - it doesn't work. (btw identical type devices from Cisco, Checkpoint, PaloAlto and even SonicWALL work without issues). 2. There is no guide or best practice document on how to configure RRAS with Sophos, or at list I can't find one. Errors in the log ---> 1. I can't see anything in Sophos Firewall Logs. Logs, literally, have nothing logged against any of the IP's: internal RRAS and external clients. No Drops or Success, literally nothing. 2. Windows Server 2016 RRAS report that client connection accepted but tunnel cannot be established as there is GRE 47 issue. (A connection between the VPN server and the VPN client xxx.xxx.xxx.xxx-external-IP has been established, but the VPN connection cannot be completed. The most common cause for this is that a firewall or router between the VPN server and the VPN client is not configured to allow Generic Routing Encapsulation (GRE) packets (protocol 47).) Firewall Configuration ---> and and P.S. Identical approach with DNAT rule & Firewall rule for Terminal Services works fine without any issue. Not sure why RRAS is different. P.S.S. WAN is configured as PPPoE . Router a front of the appliance is set in Bridge Mode . P.S.S.S Firmware version - 9.411-3 Regards, Kon
↧