Sophos

181

Solutions

346

Contributors

Sophos develops products for communication endpoint, encryption, network security, email security and mobile security as well as unified threat management. Products include hardware (or software virtual appliance) network firewalls including web browsing protection, AntiSpam filters and antivirus protection, encryption and data protection, web filter, antispam and mobile content and device management tools.

I've recently rolled out Intercept X by Sophos, which is software that protects files from crypto viruses. It can detect file changes and roll these changes back.
However, Sophos have told me there is no way to tell from their cloud service if the endpoints have received the update. Pain in the backside, I know! They did say that if the endpoint device has the Hitman.pro service then the device has received the update.

So I'd like to know what's the easiest way to scan the network to find this service or executable file on all the devices.

Thanks
0
I have installed Exchange 2010 onto Server 2008R2. I have a SAN SSL certificate from Godaddy installed on Exchange (mail.domain.com and autodiscover.domain.com). I have a Cisco ASA acting as a firewall and a Sophos XG135 in bridged mode acting as the email filter. Email can be sent and received without a problem and the email is being filtered. OWA works from the outside without a problem; however, Outlook Anywhere will not work. I have pored over the available documentation from Sophos but cannot get a remote Outlook client to connect to the Exchange server using Outlook Anywhere.

Has anyone successfully configured the XG in bridged mode to work with Outlook Anywhere? What steps am I missing? Do I need to install the SSL cert on the XG instead of Exchange and make the XG an SSL Proxy? If so, is there any documentation on how to go about this with the Godaddy certificate?
0
I would like to practice with a Sophos UTM. (I don't have any previous experience with Sophos.)

Firstly, how do I connect it and how do I reset all the existing settings (so as to start from the beginning)?
Also, how do I set up web filtering etc.?
0
We have configured phase 1 and phase 2 on our end to match an ASA that is on a cloud provider. Phase 1 and Phase 2 connect, but when looking at the debug on the ASA with the tech, decapsulation of packets is not happening.

So when we get on a computer the data still times out and will not pass traffic through the VPN connection.

Anything besides the VPN that we need to configure on the Sophos XG85? Routes? Or firewall policies?
0
Hi
Has anyone got any real-world experience of migrating from Sophos to Bitdefender (or the other way)?
Evaluating BD currently and it looks very good.  Relay option looks good for machines that can be pushed out to clients etc.  Unsure of the ins and outs until it's fully deployed etc.
Obviously cheaper and has ransomware protection integrated.
Any pointers/recommendations on it?
Thanks
0
We have a problem where emails to certain domains are being blocked as spam, it’s gradually getting worse. We get bounce messages such as “5.3.0 - Other mail system problem 550-'Administrative prohibition”, “5.0.0 smtp; 5.3.0 - Other mail system problem 553-'Blocked Using Spam Pattern, Your Message May Contain The Spam Contents'”.
I have checked all the major blacklists and all the minor ones that I could find. I’ve also checked reputational databases and all are showing as good for our domain and IP addresses. We are being blocked by major email management orgs such as MessageLabs, Mimecast and Sophos devices, so I’m fairly confident that an org such as Sophos has blacklisted us and is propagating this to customers and partners.
I’m trying to work with the IT departments of affected recipients but they have their own problems and naturally aren’t prioritising our issue. Can anyone think of a way of finding out who has blacklisted us, avenues to go down, backdoors I can knock on, etc?
0
Hi
We used to use CentOS 5 with Sendmail, MailScanner and Sophos SAVI (Perl module) to scan mail for viruses.
As CentOS 5 is EOL, I built the mail server on CentOS 7 instead.

My MailScanner doesn't work with SAVI mode (uses less CPU resource); it just works with Sophos mode (uses more CPU resource).

I have compiled SAVI-Perl-0.30, and after "make" the SAVI.so has been deployed to /usr/local/lib64/perl5/auto/SAVI/SAVI.so.

I set "Virus Scanners = sophossavi" in MailScanner.conf to let it make use of the SAVI module.
However, I got the following error in maillog, which keeps saying "SAVI Perl module not found":

Apr 20 15:07:56 myserver MailScanner[5266]: MailScanner E-Mail Virus Scanner version 4.85.2 starting...
Apr 20 15:07:56 myserver MailScanner[5266]: Reading configuration file /etc/MailScanner/MailScanner.conf
Apr 20 15:07:56 myserver MailScanner[5266]: Reading configuration file /etc/MailScanner/conf.d/README
Apr 20 15:07:56 myserver MailScanner[5266]: Using SpamAssassin results cache
Apr 20 15:07:56 myserver MailScanner[5266]: Connected to SpamAssassin cache database
Apr 20 15:07:56 myserver MailScanner[5266]: Enabling SpamAssassin auto-whitelist functionality...
Apr 20 15:07:58 myserver MailScanner[5266]: SAVI Perl module not found, did you install it?

If I set "Virus Scanners = sophos" in MailScanner.conf, it works, but it uses a lot of CPU and performance is not good.

In the MailScanner.conf, seems no conf to tell the …
0
Hi,

Is there anyone here who has ever configured Sophos UTM and its Web Application Firewall reverse proxy feature with Exchange 2010 using a single domain certificate and SRV records as the autodiscover method?

The guide uses three different certificates and I am unable to follow as I have only one.

https://sophserv.sophos.com/repo_kb/120454/file/Exchange%20WAF%20How%20to%209%202%20new.pdf

Thanks,
Ralph
0
Ransomware is a concern for everyone and SOPHOS has come out with this Intercept X product that they claim to stop modern exploits, including zero-day and ransomware.

Has anyone had any experience with this product? Can anyone confirm this product's protection from ransomware?
0
Hi,
We are considering Sophos Intercept X and Endpoint Security for our organization. I was wondering if anyone has had any experience with this product. If so, how is it working out for you?

thanks!
0
Hi,

I have an Exchange Server 2010 environment with an Edge Server in the DMZ and a Sophos UTM XG430 as an internal firewall.

My Exchange Server is integrated with O365, but there are some local users also.

When I try to send an email from the local network to an external email address I get: 5.7.1 unable to relay from Sophos.

My hub is sending SMTP traffic to the Sophos and the Sophos is sending to the Edge.

Please advise what I have done wrong; this is a new Sophos device.
0
Hi, just got an alert from Sophos Cloud that one of our PCs got infected with huntsy malware but it is unable to quarantine it or remove it.  What would be the best way to remove it? Thanks
0
HI all

Odd one I have inherited here.

In short there are 3 sites: one with an ASA (I don't know the model at this point), one with a Meraki MX device and another location in Azure.

The customer's site runs the Meraki, and their parent site runs an ASA.  These sites are connected and they have a DC at each location.  The customer currently accesses the Azure site via external RDP connections.  They want to create a site-to-site VPN from Azure to the ASA and the Meraki for full connectivity.

The problem lies in that all parties either have issues with IKE2 and/or they have restrictions using policy-based VPNs.  The solution is to put a virtual firewall appliance within Azure which can support the VPN requirements.  I haven't had a good look at this yet but wondered if anyone has any experience deploying a firewall appliance within Azure and getting VPNs working etc., in what I assume is a double NAT type situation...

Thanks
0
Hello Everyone.

We have a SOPHOS UTM firewall.  In the Web Protection - Filtering Options - HTTPS CAs we have imported a COMODO wild card cert *.mycert.net.

I have exported that same cert and imported it into Windows Group Policy on the domain controller so Windows clients will not get an error when surfing the net.  See screenshot of GP settings.

Capture.JPG
However, users are still getting a warning with the cert.  Am I leaving out a step?

Capture2.JPG
By the way, when I was making this question, I could not choose "UTM" or "CERTIFICATE" as topics.  EE rejected them.  Any idea why?

JamesNT
0
Hi All,

I have a VBS script which checks on the network whether the Sophos Endpoint Antivirus application is installed, and secondly checks which Sophos version it's running.
I am trying to run it through GP. I have tried it under the default GP policy (Startup Script) but it's not working.
Under which container in GP should I put it so it will serve its purpose? :-)

thanks.
0
Hi
Does anyone have any pointers for migrating Sophos enterprise console to the portal?
Have they removed the firewall product from the portal?
Thanks
0
If you have a hardware firewall installed like a Sophos UTM is that reason to turn off Windows firewall?  I'm curious

Thanks
0
Hi
We have two servers running Enterprise Console.  They manage three sites between them.  I see Sophos Central is now an option.
Anyone migrated from enterprise to cloud?  Any issues, limitation etc?
Thanks
0
Dear Experts,

I am working on Sophos UTM 9. I have integrated it with Active Directory and my requirements are as follows:

1) I want to give time-based access to users for Facebook. I have done all the configs but for some reason it is blocking all the time and not just for the time I mentioned.
2) I want to block some users from Facebook based on time as mentioned above and to allow others. For some reason it is blocking all the users.

Looking forward to your kind gesture.
0
I have 2 Sophos UTM firewalls that I need to setup a site to site VPN.

In the setup there are 2 options: SSL and IPSEC.

What are the benefits of going with SSL vs. IPSEC for a site to site VPN.
(I am not interested in answers for client to site)

Thank you.
0
We use Sophos to secure our network via VPN, firewall, and Anti-virus.

We need to allow contractors to connect to our network.  We have already set policy that the contractor must have Sophos antivirus client installed on their computer (they can spin up a virtual machine if they need to) and we have set policy that all clients must be Windows 7 or higher and they must use the Sophos VPN client to connect.

Question:  When a contractor connects via Sophos VPN client, how can we determine that their computer has the antivirus installed and is up-to-date?  Also, how about patches?  

Note:  Contractor computers are NOT domain members.  They are stand-alone.

JamesNT
0
Hi,

All my email infrastructure is based on Office 365.
One NVR recorder item can not send email to Office 365 or Gmail.

Can I configure my UTM as an email gateway from my LAN NVR to the UTM and on to Office 365 email accounts?

How do I do this?

Regards
0
Hi,

a customer was running SBS2008, which I migrated to Exchange 2013.  The old SBS was deinstalled, demoted and removed from the domain.  This was about two months ago.

Recently I installed a new firewall system (Sophos SG) with an SMTP proxy that receives, scans and forwards all mail.  I am finding in its queue many messages going from NO SENDER to inboundproxy@contoso.com.

The log says this:

HealthMailboxfed50d91c7c042958d086b53575e0dd3@internaldomain.local
The entered email address could not be verified. Check the email address of the recipient and try to send your message again.  Ask helpdesk if the problem persists.


Diagnose information for administrators:

generating server: mail.internaldomain.local

HealthMailboxfed50d91c7c042958d086b53575e0dd3@internaldomain.local
Remote Server returned '550 5.1.1 RESOLVER.ADR.RecipNotFound; not found'

Ursprüngliche Nachrichtenköpfe:

Received: from mail.internaldomain.local (192.168.1.222) by mail.internalodmain.local
 (192.168.1.222) with Microsoft SMTP Server (TLS) id 15.0.1178.4; Thu, 29 Sep
 2016 09:06:12 +0200
Received: from InboundProxyProbe (127.0.0.1) by mail.internaldomain.local (127.0.0.1)
 with Microsoft SMTP Server id 15.0.1178.4 via Frontend Transport; Thu, 29 Sep
 2016 09:06:12 +0200
X-MS-Exchange-ActiveMonitoringProbeName: OnPremisesInboundProxy
X-Exchange-Probe-Drop-Message: FrontEnd-CAT-250
Subject: Inbound proxy probe
Message-ID: 
From: 
To: Undisclosed recipients:;
Return-Path: 

0
Hi,

I have a client who is using a bit of a strange setup.  He receives mail directly via SMTP; it is first received by his Sophos firewall SMTP proxy.  The firewall calls out for mail that is received to verify whether the user exists before accepting the message.  Messages are then scanned and forwarded to the mail server.

Mail is sent, however, via a smart host of a different provider.  
(Long story - it has to do with their line issuing fixed IPs from a DHCP pool, so they are not fit for running a mail server on because sent mail will not be accepted by many providers).
This provider is then sending Mailer-Daemon replies to non-existent senders (spammers) as well, which results in the account being blocked after a while.

How do I train Exchange to tell the firewall that an address does not exist so that it is rejected before transmission?

To those who know Sophos:  The firewall is an AD member, but setting it to check for existing addresses in AD results in each and every mail being rejected because the address does not exist even though it does.

Thanks,
Ralph
0
Hi,

I have an SBS2011 running PureMessage and the definitions are way out of date, but I cannot find where I would update the license or force some sort of update. Anybody got any ideas about this one? Here are the details about the product.

Server group name: PureMessage Server Group
Database: Microsoft SQL Server 2005 (9.00.5000.00) SP4 Express Edition

Server: SBS2011
           PureMessage version:3.1.0.0
           Product release status:Full
           Threat detection engine:3.22.0
           Threat detection data:4.68G
           Threat detection identities:1
           Threat detection identity files:vdl.dat
           Total detectable threats:2782787
           Spam detection engine version:2.7.2
           Spam detection data version:2014.5.19.133625
           Operating system:6.1.7601 (Service Pack 1)
           Processor:Intel(R) Xeon(R) CPU X3430 @ 2.40GHz
           Processor description:GenuineIntel Intel64 Family 6 Model 30 Stepping 5
           Number of processors:4
           Address width:64
           Physical memory(Free/Available):19811820/33544408 KB
           Virtual memory(Free/Available):4391904/41734556 KB
           Microsoft Exchange version:14.1
           Microsoft IIS version:7.5
           System default language:2057
           User default language:2057

Thanks
SycamoreIT
0
