Sophos

243

Solutions

437

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.


Dear Experts,

We have configured SSL VPN on the Sophos XG 310 firewall.

When we tried to add a second SSL VPN account by copying the first account's settings, we were unable to connect.

Is there a log for SSL VPN?
0

Hello Experts.  Any experience or recommendations regarding Microsoft ATP in O365 vs a traditional Endpoint Solution such as Sophos or ESET?  We are an educational institution so have an A1 licence.  Getting an A3 or A5 would allow ATP along with many other features I would like to have.
1
Sophos uses BitLocker as far as I'm aware. Does BitLocker require TPM modules? How do I check if all my laptops have a TPM module?
0
My employer was hit with malware two months ago and we've contained and treated it. However, it looks like our address book got hijacked. Users are being bombarded every day by spoofed emails using names of our employees, but coming from various domains around the world. Outside customers and vendors we often communicate with are also reporting that they are getting the same type emails, multiple times daily.

I know this is a long shot, but is there anything at all we can do about this? I suppose anybody can type any name in the "From" box on a message and since they have our names and contacts, they are exploiting it. We mark all external emails as [EXTERNAL] so at least people will see that the emails come from outside our domain despite the user's name, but that doesn't help for our vendors, customers, and other contacts.

We currently have Sophos installed on our servers and desktops, and run Barracuda's spam filter. Most of this stuff is getting caught and blocked, but there are so many that a few still slip through.

Any suggestions here?
0
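The pattern described above (an employee's name in the From: display name, but a sending address in some unrelated domain) is display-name spoofing. SPF, DKIM and DMARC on your own domain only stop mail that claims to be *from* your domain; they say nothing about a foreign address wearing your employee's name, so the practical control is a gateway or transport rule that compares the display name against the directory. The script below is an added example, not from the post or from any vendor: the internal domain, the employee list and the sample From: values are constructed for the demo.

```python
"""Flag inbound mail whose From: display name impersonates an internal
employee while the sending address is external (display-name spoofing).

Added example, not from the original post. The internal domain, the
employee directory and the sample headers are constructed for the demo.
"""
import re
import unicodedata
from email.utils import parseaddr

INTERNAL_DOMAINS = {"example.com"}  # assumption: the organisation's own mail domain

# Constructed directory: display names as they appear in the address book.
EMPLOYEES = ["Jane Doe", "Bob Smith", "Carol Lee"]


def normalize_name(name: str) -> str:
    """Fold case, accents, punctuation and spacing so 'JANE  DOE',
    'Jane Doe' and 'jane.doe' all compare equal."""
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    name = re.sub(r"[^a-z]+", " ", name.lower())
    return name.strip()


EMPLOYEE_INDEX = {normalize_name(n) for n in EMPLOYEES}


def classify_from(from_value: str) -> dict:
    """Classify one From: header value (without the 'From:' label)."""
    display, addr = parseaddr(from_value)
    local, _, domain = addr.rpartition("@")
    domain = domain.lower()
    external = domain not in INTERNAL_DOMAINS
    name_hit = bool(display) and normalize_name(display) in EMPLOYEE_INDEX
    local_hit = normalize_name(local) in EMPLOYEE_INDEX

    if not external:
        # An internal From: is only trustworthy if SPF/DKIM/DMARC passed;
        # that check belongs to the gateway (Barracuda here), not to this rule.
        verdict = "internal"
    elif name_hit:
        verdict = "display-name-spoof"
    elif local_hit:
        verdict = "lookalike-local-part"
    else:
        verdict = "external"
    return {"display": display, "address": addr, "domain": domain, "verdict": verdict}


def scan(from_values):
    """Return [(from_value, verdict)] for a batch of From: values."""
    return [(v, classify_from(v)["verdict"]) for v in from_values]


# Constructed sample From: values, as a transport rule would see them.
SAMPLE_FROM = [
    '"Jane Doe" <jane.doe@example.com>',            # genuine internal sender
    'Jane Doe <jdoe1984@mail.example.net>',          # employee name, foreign domain
    '"JANE  DOE" <invoices@freemail.example.org>',   # case/spacing variant
    '"Acme Vendor" <billing@vendor.example.org>',    # ordinary external mail
    'jane.doe@random.example.org',                   # name carried in the local part
]

if __name__ == "__main__":
    for value, verdict in scan(SAMPLE_FROM):
        print(f"{verdict:22} {value}")
```

Messages that come back as `display-name-spoof` are the ones to quarantine or to stamp with a stronger banner than the generic [EXTERNAL] tag; the `lookalike-local-part` verdict is a weaker signal worth reviewing before blocking on it. Customers and vendors who receive the same mail cannot be protected by anything in your domain; they need an equivalent rule on their own gateway.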
Hello, we are in the middle of integrating our on-premise AD with our Sophos firewall. We had to download the Sophos firewall plugin to connect to AD and server information. Apparently the app reads certain particular events that tell it whether a user has logged in or logged out of his or her computer, and based on that it considers the user active and therefore starts logging and allowing that AD user access to the internet.

Currently this is not working, and the cause, per the Sophos senior engineer, is that when the user signs in we see event ID 4624 appear in Event Viewer, but right after it we get an event 4634 stating a logoff, with the following message:

"This event is generated when a logon session is destroyed. It may be positively correlated with a logon event using the Logon ID value. Logon IDs are only unique between reboots on the same computer"  

The Sophos engineer specifically said event ID 4634 is causing this issue.

It makes sense that 4634 may be causing issues, since it says the user is logged off when in fact they just logged in, but is event ID 4634 a normal event across all servers or an issue I must fix?

-Currently only 1 domain controller
-Windows Server 2016
-About 60 Users
0
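The quoted text is accurate: a 4634 is tied to a 4624 only through the Logon ID, so the question to ask of the log is whether the logoff that follows a logon carries the *same* Logon ID and what logon type that session had. Network (type 3) sessions are opened and torn down continuously on a domain controller (SMB, Group Policy, printer and service traffic), and a workstation desktop logon does not even appear on the DC as a type 2 4624; the DC sees Kerberos 4768/4769 and those short type 3 sessions. The script below is an added example, not from the post or from Sophos: it correlates an XML export of 4624/4634 events by TargetLogonId and reports desktop sessions that were destroyed within seconds, which are the only 4634s worth worrying about. The records are constructed to look like a wevtutil export.

```python
"""Correlate Security-log 4624 (logon) and 4634 (logoff) events by Logon ID
so a logoff can be tied to the session it actually ended.

Added example, not from the original post or from Sophos. The records below
are constructed to resemble an export such as:
    wevtutil qe Security /q:"*[System[(EventID=4624 or EventID=4634)]]" /f:xml
"""
import xml.etree.ElementTree as ET
from datetime import datetime

NS = "http://schemas.microsoft.com/win/2004/08/events/event"
DESKTOP_LOGON_TYPES = {2, 10, 11}  # Interactive, RemoteInteractive, CachedInteractive
# Type 3 (Network) sessions come and go constantly for SMB, GPO, printer and
# DC traffic; their 4634 events say nothing about whether a user left the PC.


def parse_system_time(value: str) -> datetime:
    """Parse TimeCreated/@SystemTime (UTC, up to 7 fractional digits)."""
    value = value.rstrip("Z")
    base, _, frac = value.partition(".")
    stamp = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    return stamp.replace(microsecond=int(frac[:6].ljust(6, "0")) if frac else 0)


def iter_events(xml_text: str):
    """Yield (event_id, time, {Data@Name: text}) for every <Event> record."""
    root = ET.fromstring(f"<Events>{xml_text}</Events>")  # wevtutil emits no root element
    for ev in root.iter(f"{{{NS}}}Event"):
        event_id = int(ev.find(f"{{{NS}}}System/{{{NS}}}EventID").text)
        when = parse_system_time(ev.find(f"{{{NS}}}System/{{{NS}}}TimeCreated").get("SystemTime"))
        data = {d.get("Name"): (d.text or "") for d in ev.iter(f"{{{NS}}}Data")}
        yield event_id, when, data


def correlate(xml_text: str) -> dict:
    """Return {'sessions': {logon_id: session}, 'orphan_logoffs': [...]}.
    A session records user, logon_type, start, end (None while still open)
    and seconds (None while still open)."""
    sessions, orphans = {}, []
    for event_id, when, data in iter_events(xml_text):
        lid = data.get("TargetLogonId", "").lower()
        if event_id == 4624:
            sessions[lid] = {"user": data.get("TargetUserName"),
                             "logon_type": int(data.get("LogonType", 0)),
                             "start": when, "end": None, "seconds": None}
        elif event_id == 4634:
            s = sessions.get(lid)
            if s is None:
                orphans.append(lid)  # logoff for a session that began before the export
                continue
            s["end"] = when
            s["seconds"] = (when - s["start"]).total_seconds()
    return {"sessions": sessions, "orphan_logoffs": orphans}


def desktop_sessions(sessions: dict) -> list:
    """Logon IDs an identity-aware firewall should read as 'user is at a PC'."""
    return [lid for lid, s in sessions.items() if s["logon_type"] in DESKTOP_LOGON_TYPES]


def short_lived_desktop(sessions: dict, max_seconds: float = 5.0) -> list:
    """Desktop sessions destroyed within max_seconds of creation: the only
    4634s that would really mean 'the user is gone'. Type 3 is ignored."""
    return [lid for lid in desktop_sessions(sessions)
            if sessions[lid]["seconds"] is not None and sessions[lid]["seconds"] <= max_seconds]


def _record(event_id, when, user, logon_id, logon_type):
    return (f'<Event xmlns="{NS}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{when}"/></System><EventData>'
            f'<Data Name="TargetUserName">{user}</Data>'
            f'<Data Name="TargetLogonId">{logon_id}</Data>'
            f'<Data Name="LogonType">{logon_type}</Data></EventData></Event>')


# Constructed sample: jdoe logs on at the desktop (type 2), the machine also
# opens a network session (type 3) that is closed one second later, and the
# desktop session itself ends at 17:30.
SAMPLE_XML = "".join([
    _record(4624, "2019-03-01T08:00:00.1234567Z", "jdoe", "0x3e7a1", 2),
    _record(4624, "2019-03-01T08:00:01.0000000Z", "jdoe", "0x3e7b9", 3),
    _record(4634, "2019-03-01T08:00:02.0000000Z", "jdoe", "0x3e7b9", 3),
    _record(4634, "2019-03-01T17:30:00.1234567Z", "jdoe", "0x3e7a1", 2),
])

if __name__ == "__main__":
    report = correlate(SAMPLE_XML)
    for lid, s in report["sessions"].items():
        print(lid, s["user"], "type", s["logon_type"], "seconds", s["seconds"])
    print("short-lived desktop sessions:", short_lived_desktop(report["sessions"]))
```

Run against a real export, an empty `short_lived_desktop` list with plenty of one-second type 3 sessions means the 4634s are normal background churn and the agent is keying on the wrong events; a populated list means something on the workstation really is ending the user's session.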
Dear Experts,

I have a Sophos VHDX (SFOS 17.1.3 MR-3) installed in my Hyper-V.

How do I log in and configure the IP address and its interfaces?

I only managed to access the console via the Main Menu.
1
Hi Guys,

I am trying to configure a SonicWALL TZ400 site-to-site VPN.
We have a Sophos firewall router on the remote side.

The Dell SonicWALL replaces our previous Netgear Prosafe FVS336G router, which connects the site-to-site VPN successfully.

I confirmed the Dell SonicWALL VPN / IPsec settings again and again, but no connection unfortunately.

I used the SonicWALL quick VPN configuration.

I've noticed that the access rules for "VPN to LAN" have been auto-added, as well as "VPN to WAN"

Are there any changes that are needed to the access rules or NAT rules for the site-to-site VPN to work?
Any recommendations are welcome ...
0
We have a Windows 2012 R2 domain with 2 domain controllers. Users authenticate to the domain with no problems.

We have 2 subnets
LAN: 192.168.0.0/24
WLAN: 192.168.4.0/24

The WLAN traffic is routed through our Sophos XG230 Firewall/Router 192.168.0.1

Any user authenticating against one of the domain controllers (from the WLAN) shows the IP address of the Firewall/Router, not the correct IP address of the host they are on.

I can see this in the Kerberos TGT event (4768) in Event Viewer.

This is only happening on 1 of the domain controllers.

Any ideas on how to troubleshoot this would be greatly appreciated.
0
I am looking at getting a new Wi-Fi solution for our new building. I have looked at Meraki, Ruckus, Aruba, Sophos and even at a Cisco controller option.
I'm having a hard time deciding which solution is best for my environment. We have two separate buildings, but they will all be one system. Hands down, the Meraki cloud has the best analytics and displays the data the best, in my opinion, but it's not the cheapest. Going from a controller-based to a cloud-based design makes me uneasy, as if the internet goes down, then my entire Wi-Fi is down as well.
By far I like the Meraki dashboard and the options available in their cloud.

We will need about 50 APs for both buildings.  I'm working with a vendor that said after we move forward with the purchase, they will perform a heatmap analysis, so we know where to place them, so that's good.

Any suggestions what to look out for, or any recommendations?  
Does anyone not like Meraki or any of the others I mentioned?
1
We have experienced some issues with Sophos AV and Exchange Server 2016. I want to uninstall Sophos but have been unable to do so cleanly (even with the help of their tech support). I remember that MS had an uninstall tool that worked very well. Is this tool available and if so where can I obtain it? If the answer is no, what other options do I have?
0

I am looking at a replacement for our aging Cyberoam UTM. One of our options is the Sophos X330, which appears to be a good upgrade path for my requirements.

Has anyone used Cyberoam and then moved to Sophos? I am curious if there are setup and management similarities. Seeing as Sophos acquired Cyberoam a few years ago, I was wondering if the Sophos UTM would be familiar in some way after using Cyberoam. Maybe they have adopted various features, so the appliance would be familiar in how it is set up.

Would you consider the Sophos XG series easy to setup and deploy? I don't really want to get a technician in to setup the system on the new UTM. I setup our Cyberoam and continue to manage it without a problem, so I am hoping to do this with whichever new one we choose.

Any other thoughts about your positive or negative experience with Sophos UTM's would be appreciated?
0
We are currently deploying Mimecast to our environment. We had set up the journaling and send connectors. We found that all the journaled traffic was causing a backlog in our on-premise Sophos Email appliance. My question is, can I configure the primary send connector for our email domains instead of *, and configure the Mimecast send connector for its domain @journal.ourdomain.com.au, or is this going to cause issues?
0
Dear Experts, we are moving our Data Center in the next 2 months. What should we consider and take note of in order to move the DC smoothly?

Our environment:
- 4 x Server ESXi6.5 (HP Gen9)
- 2 x Routers Cisco 3925
- 2 x Core Switch Cisco 3750/3560
- 1 x Firewall Sophos XG
- 10 x Access Switch Cisco CE500
- 5 x WAP Cisco Meraki MR18
- 5 x Physical Server IBM x3650

Many thanks!
0
Outlook 2007...
Receiving but NOT sending emails...
Occasional Security Certificate cannot be Verified...

My mother in law...age 95 is active on her PC...She uses Outlook and is fairly familiar with it...We POP Gmail...

She has been using this PC with W7 and Outlook 2007 for about 8 years...
She lives in an assisted care facility...

About 2 weeks ago she started getting Security Certificate cannot be Verified...
Relates to Sophos...says a mismatch in the SSL port...and Outlook will NOT send email...but she receives email ok...

I cleaned it up...reinstalled Office 2007...and got the same problem...no joy...

So...I took it to my shop...and discovered that Outlook worked just fine on MY internet connection...

BUT....I rebuild the PC anyway and installed W10...re-installed Outlook 2007...connected her PST file and everything is working perfectly on MY internet...

I set it up again in her apartment at the assisted care facility and Outlook will NOT send email...I had the facilities maintenance guy try...and we cannot get it working...
Internet is fine...if I go to Gmail webmail her email works just fine...

So...It seems to be an Outlook issue on the facilities network...

So...on Gmail the SMTP port is 587....what do you think the chances are that the IT company that handles the assisted care facility closed port 587 on the router...???

Or...is there some possible other reason for the issue...

Many thanks in advance...
Amber-gmail-settings.docx
0
Hi all,

We have a VPN tunnel between two Sophos firewalls.

Location A = 10.102.0.0/24, 192.168.99.0/24 (VLAN99)
Location B = 10.102.1.0/24

The VPN tunnel is UP and communication between the main networks is working properly.

From site B, however, the DMZ network (VLAN99) in site A is only partially reachable.


From site B I can ping the gateway (192.168.99.1), but the printer (192.168.99.14) is not reachable. I should say only the gateway is reachable; everything else can't be reached through the VPN tunnel from site B.

I have attached a screenshot of the VPN tunnel configuration of both sites.

Thanks in advance.
connection-between-site-a-and-b.png
0
I have a couple of machines that are not able to browse to HTTP sites at a remote site to which I have established a PPTP VPN (via the OS). I can ping the respective IP address fine; however, HTTP browsing does not work. I strongly suspect that this is something in our Sophos UTM, as I can browse to the HTTP sites on my laptop via a cellular connection fine (effectively bypassing the Sophos UTM).

I am not using 'use default gateway on remote network' yet I am unable to packet capture (in the Sophos UTM) any traffic going via the PPTP VPN to the remote site.

I've worked with Sophos UTMs (ex Cyberoam) for a number of years now and I cannot see anything obvious where anything would be being blocked or dropped. Everything is open. Nothing has been modified recently that would prevent this, and it only stopped in the last few months (yes I've been slack).

Has anyone experienced similar issues?
0
I have a Sophos firewall at home (version 9.5). I created a Guest WLAN. I connect to the Guest WLAN with no problem; internet etc. works.
I try to RDP to my friend's laptop, which is a Windows 10 computer; from the Guest WLAN I can't RDP to the outside.
If I connect my laptop with a network cable, then I can RDP to my friend's laptop.

Internal cable connection -> RDP -> my friend's laptop = WORKS!
Guest WLAN -> RDP -> my friend's laptop = NOT WORKING!


Do I need a rule under Guest-WLAN?
0
Client is using a Sophos XG Firewall to filter email. The XG had been configured in MTA mode and had been working with an Exchange 2010 server running on Server 2008 R2 for about 1 year. Over the weekend, the client updated the firmware from SFOS 17.0.2 MR-2 to SFOS 17.0.6 MR-6. After the update, the Sophos log reported that email had been delivered from the Sophos to Exchange, but it was not received in the client mailboxes.

A call to Sophos support resulted in turning the Sophos from MTA mode to Legacy mode which achieved the objective of Email being filtered and delivered to user mailboxes, however, any reports generated by the XG (i.e. Quarantine Digest) are not being delivered from the XG to Exchange.

One symptom which the Sophos tech was unable to explain was that he was able to telnet from a workstation into the Exchange server and get a response, but not from the XG into the Exchange server. We would get "Connection refused". When reviewing the Sophos logs (after the change to Legacy mode), the System Log reports "Fail to send mail: Cannot connect to mail server servername.domainname.com:25" when attempting to send a test from the XG.

There have been no changes to the email server and the only change is the XG firmware. Has anyone else experienced this issue?
0
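Two of the posts above come down to the same question asked of an SMTP port: the Outlook/Gmail post (port 587 from the care facility's network, with a certificate the client will not accept) and this XG/Exchange post (port 25 from the firewall, "Connection refused"). The distinction matters: a refused connection means the host answered and nothing accepted the connection (no listener on that port, or a listener bound to another address or restricted to certain remote IPs), while a timeout means something in the path dropped the packets, which is what a port block on a router looks like. A certificate whose names do not match the server you asked for is the signature of a device in the path terminating TLS itself. The probe below is an added example, not from either post or from Sophos or Microsoft; the host names in `main` are placeholders and it has to be run from the network that has the problem.

```python
"""Probe an SMTP endpoint the way a client (Outlook on 587) or a relay
(a firewall MTA delivering to Exchange on 25) would, and report *why*
it fails: refused vs. silently filtered, STARTTLS missing, or a
certificate that is not for this host.

Added example, not from either post. Host names in main() are assumptions.
"""
import io
import socket
import ssl


def read_reply(stream) -> str:
    """Read one SMTP reply (possibly multi-line) from a binary line stream."""
    lines = []
    while True:
        raw = stream.readline()
        if not raw:
            break
        line = raw.decode("ascii", "replace").rstrip("\r\n")
        lines.append(line)
        if len(line) < 4 or line[3] == " ":  # "250 " ends the reply, "250-" continues
            break
    return "\n".join(lines)


def reply_from_bytes(data: bytes) -> str:
    """Offline helper: parse a captured reply."""
    return read_reply(io.BytesIO(data))


def parse_ehlo(reply: str) -> dict:
    """Status code and advertised extensions from an EHLO reply. The first
    250 line carries the server's name, not an extension."""
    lines = [l for l in reply.splitlines() if l[:3].isdigit()]
    code = int(lines[-1][:3]) if lines else None
    exts = {l[4:].split()[0].upper() for l in lines[1:] if l[4:].strip()}
    return {"code": code, "extensions": exts}


def probe(host: str, port: int, timeout: float = 5.0, client_name: str = "probe.example") -> dict:
    result = {"host": host, "port": port, "status": "", "extensions": set(),
              "cert_names": [], "detail": ""}
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        result["status"] = "refused"   # RST came back: no listener, or listener bound/ACL'd elsewhere
        return result
    except (socket.timeout, TimeoutError):
        result["status"] = "filtered"  # no answer at all: typical of a firewall drop
        return result
    except OSError as exc:
        result["status"], result["detail"] = "error", str(exc)
        return result
    try:
        with sock:
            stream = sock.makefile("rb")
            banner = read_reply(stream)
            if not banner.startswith("220"):
                result["status"], result["detail"] = "bad-banner", banner
                return result
            sock.sendall(f"EHLO {client_name}\r\n".encode())
            result["extensions"] = parse_ehlo(read_reply(stream))["extensions"]
            if "STARTTLS" not in result["extensions"]:
                result["status"] = "no-starttls"  # plaintext-only listener, or a proxy stripped it
                return result
            sock.sendall(b"STARTTLS\r\n")
            if not read_reply(stream).startswith("220"):
                result["status"] = "starttls-refused"
                return result
            ctx = ssl.create_default_context()
            try:
                tls = ctx.wrap_socket(sock, server_hostname=host)
            except ssl.SSLCertVerificationError as exc:
                # Chain or name not for this host: what Outlook shows as "cannot be verified".
                result["status"] = "cert-mismatch"
                result["detail"] = getattr(exc, "verify_message", str(exc))
                return result
            except ssl.SSLError as exc:
                result["status"], result["detail"] = "tls-error", str(exc)
                return result
            with tls:
                cert = tls.getpeercert()
                result["cert_names"] = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                tls.sendall(f"EHLO {client_name}\r\n".encode())
                result["extensions"] = parse_ehlo(read_reply(tls.makefile("rb")))["extensions"]
                tls.sendall(b"QUIT\r\n")
            result["status"] = "ok"
    except OSError as exc:  # timeout or reset mid-conversation
        result["status"], result["detail"] = "error", str(exc)
    return result


# Constructed reply a healthy submission server might send, for offline checks.
SAMPLE_EHLO_REPLY = (b"250-smtp.example.com at your service\r\n"
                     b"250-SIZE 35882577\r\n250-STARTTLS\r\n250 SMTPUTF8\r\n")

if __name__ == "__main__":
    # Placeholders: the Gmail submission port, and a hypothetical Exchange host on 25.
    for host, port in [("smtp.gmail.com", 587), ("exchange.example.com", 25)]:
        print(probe(host, port))
```

Read the result by status: `filtered` on 587 from the facility network but `ok` from another network is a port block in the path; `cert-mismatch` with `cert_names` showing something other than the server you asked for is TLS interception; `refused` on 25 from the XG but not from a workstation points at the receive connector's binding or remote IP range rather than at the network.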
Unable to find a solution for event ID 5038 on Windows Server 2008 Enterprise, Service Pack 2. Event details are below. The file path mentioned in the event details pertains to the Sophos Antivirus program.

Event ID Details:
Code integrity determined that the image hash of a file is not valid.  The file could be corrupt due to unauthorized modification or the invalid hash could indicate a potential disk device error.
File Name:      \Device\HarddiskVolume1\Windows\System32\drivers\savonaccess.sys      

Please advise on a solution to the above event ID, to stop and resolve it. - Pritesh Parikh - (Email: Pritesh_net@yahoo.com).
0

Hi

What's the best way to check/pull the config from a Sophos XG210 firewall?
0
Inherited a new client with a Sophos appliance. The UTM 9 so far seems to be a great device. That being said, I am trying to turn off filtering for a specific endpoint. Even though it is in the "allow access" list, when I am on that endpoint it still gets redirected to a web page hosted on the appliance that seems to expect some sort of authentication. Are there good tutorials on how to manage Sophos?
0
We had a user whose laptop was infected with ransomware, and that led me to look into the solution to it, and our backup system.
Fortunately, he was not connected to the company network, so the files were only locked in his laptop.
Free ransomware removal tool from TrendMicro, and someone else did not work.

1. What is the best removal tool?

I am looking into Sophos. They have Enterprise Malware Removal Tool that can take care of Ransomware. We use their anti-virus software, so theirs caught my eye.

2. What is the best backup strategy?

I had an IT admin friend, and his system got infected. He spent $30K to get his files back from the servers, and what was interesting was that the ransomware did not manifest itself right away. It was like 2 or 3 days later.
Right now, my servers are backed up fully every night to a USB drive. I have only 3 servers. No incremental or differential. I'd like to know how people backup a couple of terabyte data these days. Tape systems were used in the past, and each day manually or automatically different tapes were used. Do people do this even in 2018? I only used it 10 years ago.

https://www.amazon.com/EX4100-Expert-Network-Attached-Storage/dp/B00TB8XN2E
These can have multiple full backups, and each time are they totally offline from each other? I hear that Ransomware can go into other resources in the same LAN. Then I need a backup system that can backup multiple generations (like daily), and they need to be completely …
0
Hi all,

I'm looking for a bit of help getting started with my HP 1820-24G switch.

my network plan :

Sophos router eth1 (LAN 192.168.0.1/24), and I configured the Sophos router so: new interface eth4 (192.168.2.1/24) with VLAN ID 10 function.

I also configured DHCP scopes on the Sophos router for 192.168.2.100 to 200.

So I connected the Sophos eth4 LAN cable --> switch port 1.


So I have the native VLAN 1, and VLAN 10 (ports 1-10 tagged) for the LAN on the router.

My problems are:
1. If I change the Sophos interface (eth4) VLAN function to Ethernet only and I connect my laptop to port 7, then my laptop gets an IP from the Sophos router's DHCP server.

2. If I change the Sophos interface (eth4) to VLAN function only (VLAN 10), then my laptop gets no IP from the Sophos DHCP server.

any idea and help?
Thank you
0
For the patch of the chip vulnerability, can I just download the patch from microsoft and install it on all servers and workstations rather than use windows update?  I have a couple servers and 20 workstations.  Also, I noticed that you have to be careful with antivirus because of a registry entry.  Can someone help me out with this issue, I use SOPHOS antivirus and the link below details what they are doing to work with the MS patch.  I think it says that SOPHOS works with the patch but I am not entirely sure.  Better safe than sorry.  Here is the link:    https://community.sophos.com/kb/en-us/128053
0
Hi All,
We have two sites linked via BT routers, and each site has its own UTM and failover; simple diagram below.

WAN                                         WAN
  |                                              |
Router                                     Router
  |                                               |
UTM                                         UTM
  |                                               |
Lan - Router -WAN - Router - LAN

So we have a site link and two sites with Primary/DR with fail over routers

The primary site UTM has IP : 194.72.126.66 GW : 194.72.126.65
The primary sites internet works fine

The secondary DR site UTM has IP : 194.74.139.67 GW : 194.72.126.65
I cannot get out to the internet from this UTM

BT have said there is no issue with the routers and the failover is working on the routers.   Below is the information BT have provided me concerning the IP address allocation.

I have recently taken over this position and I'm under the impression this has never worked. Any ideas why the second UTM at the DR site cannot get onto the internet?

Regards

John H

194.72.126.64 255.255.255.224
194.72.126.74<<used on primary router
194.72.126.75<<used on V1 router
194.72.126.65<< HSRP standby address and the gateway for you to point to from both devices
 
194.74.139.64 255.255.255.240
194.74.139.66<<< used on primary
194.74.139.67<<used on V1
194.74.139.65<<< HSRP standby address and the gateway for you to point to…
0
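The allocation notes above can be checked mechanically: a default gateway has to be inside the subnet the interface sits in, and the address a device takes must not be one the carrier has already assigned to its own routers. The script below is an added example, not part of the post; the networks, addresses and "used on" notes are transcribed from the post as written, the device labels are mine. Run on those values it reports two findings for the DR UTM: its gateway 194.72.126.65 is not on-link for 194.74.139.67/28 (the HSRP address in that block is 194.74.139.65), and 194.74.139.67 is the address the carrier lists as used on the V1 router. The primary UTM comes back clean.

```python
"""Sanity-check the WAN addressing of two UTMs against the carrier's
allocation: is the default gateway on-link, and is the chosen address
already taken by the carrier's own equipment?

Added example, not part of the original post. Networks, addresses and the
'used by' notes are transcribed from the post; device labels are mine.
"""
import ipaddress

# Carrier allocation as posted (network/mask and who uses which address).
ALLOCATIONS = {
    "194.72.126.64/255.255.255.224": {
        "194.72.126.74": "primary router",
        "194.72.126.75": "V1 router",
        "194.72.126.65": "HSRP standby address (gateway)",
    },
    "194.74.139.64/255.255.255.240": {
        "194.74.139.66": "primary router",
        "194.74.139.67": "V1 router",
        "194.74.139.65": "HSRP standby address (gateway)",
    },
}

# UTM WAN settings as posted.
DEVICES = [
    {"name": "Primary UTM", "ip": "194.72.126.66", "gateway": "194.72.126.65"},
    {"name": "DR UTM",      "ip": "194.74.139.67", "gateway": "194.72.126.65"},
]

NETWORKS = {ipaddress.ip_network(n, strict=True): used for n, used in ALLOCATIONS.items()}


def network_for(ip: str):
    """Return the allocated network that contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    return next((net for net in NETWORKS if addr in net), None)


def expected_gateway(ip: str):
    """The HSRP standby address inside ip's block, per the carrier's notes."""
    net = network_for(ip)
    if net is None:
        return None
    return next((a for a, owner in NETWORKS[net].items() if "HSRP" in owner), None)


def check_device(dev: dict) -> list:
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    net = network_for(dev["ip"])
    if net is None:
        return [f'{dev["name"]}: {dev["ip"]} is not inside any allocated block']
    addr = ipaddress.ip_address(dev["ip"])
    gw = ipaddress.ip_address(dev["gateway"])
    if addr in (net.network_address, net.broadcast_address):
        findings.append(f'{dev["name"]}: {addr} is the network or broadcast address of {net}')
    owner = NETWORKS[net].get(dev["ip"])
    if owner:
        findings.append(f'{dev["name"]}: {addr} is already used by the {owner}')
    if gw not in net:
        findings.append(f'{dev["name"]}: gateway {gw} is not on-link for {addr}/{net.prefixlen}; '
                        f'the on-link HSRP address is {expected_gateway(dev["ip"])}')
    return findings


def check_all(devices=DEVICES) -> dict:
    """Findings per device name."""
    return {d["name"]: check_device(d) for d in devices}


if __name__ == "__main__":
    for name, findings in check_all().items():
        print(name, "OK" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

The same check is worth running whenever a carrier hands over a block with HSRP or VRRP in front of it: the gateway to point at is the standby address inside your own block, never the physical router addresses and never an address from the other site's block.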