Jason, posted December 14, 2015:

How often has Sophos been pushing updates for XG via their Up2Date system so far? By the sounds of it, there should be packages deployed at a daily interval. Is this happening?

itGeeks (thread author), posted December 14, 2015 (edited December 14, 2015 by itGeeks):

> How often has Sophos been pushing updates for XG via their Up2Date system so far? By the sounds of it, there should be packages deployed at a daily interval. Is this happening?

I just checked and I got 4 updates on Dec 14, 2015; prior to that the last update was Nov 23, 2015, so by no means have there been daily updates to my Sophos XG box. By the way, your post is good awareness of the product. Just for the record though, I was not getting daily updates on UTM 9.x either. Thanks

nrf, posted December 14, 2015:

Right now XG is like Windows Vista. When it becomes Windows 7 I will be there. No benefit in the meantime.

itGeeks (thread author), posted December 15, 2015 (edited December 15, 2015 by itGeeks):

> I stuck with Sophos XG and now that I have my Wifi AP installed decided to start to check out some of the more useful features of Sophos. Has anyone got the antivirus/malware detection to work? I'm trying to test it out using the payloads on wicar.org but the virus is not picked up by Sophos at all :-( Windows Defender and Google Chrome detect and delete it, but I wouldn't have expected it to even get past the gateway to be honest... I have a horrible feeling I'm gonna have to sit down and read through the massive admin guide, but it's safe to say that Sophos XG is one very weird bit of software.

You must have something misconfigured, because testing the wicar links below, they are blocked by my Sophos XG:

Fake virus test 1: http://www.eicar.org/download/eicar.com
Fake virus test 2: http://www.eicar.org/download/eicar_com.zip
Fake virus test 3: http://www.eicar.org/download/eicarcom2.zip

If you notice, these tests are from the HTTP section of the site. If you're trying to test the HTTPS downloads you need to have "Decrypt & Scan HTTPS" enabled in your policy; for HTTP scanning you need to have Scan HTTP enabled in the policy. These settings are under the heading Malware Scanning. I do not have "Decrypt & Scan HTTPS" enabled right now because I don't want to deal with installing certs right now, so I only scan HTTP at the moment.

psykix, posted December 15, 2015:

Yeah, I did post again after that saying it was because the web filter was not on. By the way, even with the web filter off and Decrypt & Scan on, it still breaks video streaming sites. Sucks!

nrf, posted December 15, 2015:

So is the decrypt and scan doing it in batch perhaps? And if it is scanning in real time, I wonder how much iron is required to do that at video bitrates without adding lumpiness to the stream.

CaffeinatedTech, posted December 16, 2015:

I've been configuring this in between work for the last day and discovered that the web filter is causing the Blizzard updater to fail. Several people in the house play WoW and can't update unless I disable the web filter. So I'm not going to create an exception for those machines like itGeeks' workaround for devices; these are PCs I want to protect.

I've been away from Sophos UTM for a while now, using pfSense instead. I'm beginning to wander again however, as I can't get the pfSense web filter to be as good as I want it. I used UTM back when it was Astaro Security Gateway and during the transition to Sophos. I stepped away from it originally because I found the QoS to be inferior. Guess I'll go back to UTM 9 and check out what's new.

itGeeks (thread author), posted December 16, 2015:

> I've been configuring this in between work for the last day and discovered that the web filter is causing the Blizzard updater to fail. Several people in the house play WoW and can't update unless I disable the web filter. So I'm not going to create an exception for those machines like itGeeks' workaround for devices; these are PCs I want to protect. I've been away from Sophos UTM for a while now, using pfSense instead. I'm beginning to wander again however, as I can't get the pfSense web filter to be as good as I want it. I used UTM back when it was Astaro Security Gateway and during the transition to Sophos. I stepped away from it originally because I found the QoS to be inferior. Guess I'll go back to UTM 9 and check out what's new.

Do you know the URL that's being used for the update? If you know the URL, or after you figure out what URL is being used, follow the directions below and please post back the results after you try it. I had a similar issue with PlayStation 4 updates for various games... this is what I did to fix it.

1. Click on PROTECTION > Web Protection > Web Content Filter.
2. Scroll towards the bottom to the HTTP Scanning Rules section (there will be a default ALL include, or specifically SCAN, entry).
3. Click ADD and give it a name: Blizzard Updates exclude.
4. Both Source and Destination addresses can be asterisks.
5. The URL: you will need to determine the specific URL to exempt - sorry, not a WoW user here... use the Web Filter logs to determine this.
6. Click SAVE and test again.

nrf, posted December 16, 2015 (edited December 16, 2015 by nrf):

Hmmm. Thanks for that tidbit. With it I think I could replicate the URL-specific exception rules of the 'drashna' variety on XG. Does it support patterns? I will also interpret this as an answer to my previous question about usability of the logs. If there is enough data there to set up these exceptions it would be great.

CaffeinatedTech, posted December 17, 2015:

> Do you know the URL that's being used for the update? If you know the URL, or after you figure out what URL is being used, follow the directions below and please post back the results after you try it. I had a similar issue with PlayStation 4 updates for various games... this is what I did to fix it.
>
> 1. Click on PROTECTION > Web Protection > Web Content Filter.
> 2. Scroll towards the bottom to the HTTP Scanning Rules section (there will be a default ALL include, or specifically SCAN, entry).
> 3. Click ADD and give it a name: Blizzard Updates exclude.
> 4. Both Source and Destination addresses can be asterisks.
> 5. The URL: you will need to determine the specific URL to exempt - sorry, not a WoW user here... use the Web Filter logs to determine this.
> 6. Click SAVE and test again.

Yeah, I see URLs in the logs, mostly Akamai, but there are no deny entries. It doesn't matter which content filter category is selected, the update fails. I'll try to add those exceptions shortly and see what happens.

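Two practical points run through the thread: itGeeks' December 15 post (an HTTPS download is never inspected unless "Decrypt & Scan HTTPS" is on, so a test file that sails through over HTTPS says nothing about the AV engine), and the December 16 / 17 exchange about mining the Web Filter logs for the host to exempt in an HTTP Scanning Rule, where a real detection must never be exempted. The script below is an added example, not code from the thread or from Sophos: it parses a handful of constructed key="value" log lines, groups them by host, reports which hosts were actually inspected under the given policy flags, and lists exemption candidates (denied for a scan problem rather than a detection). The field names, the hostnames ending in .example and the "reason" strings are assumptions; only the eicar.org URL is taken from the thread.

```python
import re
from urllib.parse import urlsplit

# Constructed sample lines in a key="value" style loosely modelled on the XG
# web filter log. Field names, .example hosts and the reason strings are
# assumptions for this example, not copied from Sophos documentation.
SAMPLE_LOG = """\
log_type="Content Filtering" status="Allowed" src_ip="192.0.2.10" url="http://dist.blizzard.example/patch/wow-data.mpq" category="Games"
log_type="Content Filtering" status="Denied" src_ip="192.0.2.10" url="http://a1234.akamai.example/blizzard/data/0001.bin" category="Games" reason="Scan size limit"
log_type="Content Filtering" status="Allowed" src_ip="192.0.2.11" url="https://update.blizzard.example/manifest" category="Games"
log_type="Content Filtering" status="Denied" src_ip="192.0.2.12" url="http://www.eicar.org/download/eicar.com" category="Test" reason="Virus detected"
log_type="Content Filtering" status="Allowed" src_ip="192.0.2.12" url="https://secure-downloads.example/eicar_com.zip" category="Test"
"""

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')


def parse_line(line):
    """Turn one key="value" log line into a dict (empty dict for blank lines)."""
    return dict(FIELD_RE.findall(line))


def summarize(log_text, scan_http=True, decrypt_scan_https=False):
    """Group entries by host: scheme, allowed/denied counts, deny reasons seen,
    and whether the gateway could inspect the payload at all under the policy
    flags (HTTPS bodies are opaque unless Decrypt & Scan HTTPS is enabled)."""
    hosts = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if "url" not in rec:
            continue
        parts = urlsplit(rec["url"])
        entry = hosts.setdefault(parts.hostname, {
            "scheme": parts.scheme, "allowed": 0, "denied": 0,
            "reasons": set(), "inspected": False})
        entry["inspected"] = ((parts.scheme == "http" and scan_http) or
                              (parts.scheme == "https" and decrypt_scan_https))
        if rec.get("status") == "Denied":
            entry["denied"] += 1
            if rec.get("reason"):
                entry["reasons"].add(rec["reason"])
        else:
            entry["allowed"] += 1
    return hosts


def exemption_candidates(hosts):
    """Hosts worth an HTTP Scanning Rule exclusion: denied with a recorded reason
    that is not an actual detection. Anything that ever triggered a detection,
    or was denied without a reason we understand, is deliberately left out."""
    return sorted(h for h, e in hosts.items()
                  if e["denied"] and e["reasons"]
                  and "Virus detected" not in e["reasons"])


def uninspected_hosts(hosts):
    """Hosts whose downloads were allowed without the body ever being scanned;
    a test file fetched from one of these is not evidence that AV failed."""
    return sorted(h for h, e in hosts.items() if not e["inspected"])


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)  # Scan HTTP on, Decrypt & Scan HTTPS off
    for host, e in sorted(summary.items()):
        print(f"{host:30} {e['scheme']:5} allowed={e['allowed']} "
              f"denied={e['denied']} inspected={e['inspected']}")
    print("exempt candidates:", exemption_candidates(summary))
    print("never inspected  :", uninspected_hosts(summary))
```

Run with the flags matching the policy under test: with `decrypt_scan_https=False` the two HTTPS hosts show up as never inspected, which is exactly the situation in the December 15 post, and the eicar.org host is excluded from the exemption list even though it produced a deny entry.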